General
Target: _order 20210407DTR001.IMG.zip
Size: 13KB
Sample: 210421-498rf3fzns
MD5: b78d159168de623a73b13b1d024be257
SHA1: bd9fd72597d21ede06ccb0e897620fa7289b007e
SHA256: 92f252cae17bd30a46a9884d4d7809d668adf7c403676b048aa3cbe92b747892
SHA512: a069452ca8753f809b35bda198663bffe772c4f5725bf2c6ad1cee2a42b50451a388c0f332f6fabcb52d4e62d7447b9bb0593c89fb3797712c0306f30d3dc00c
Static task: static1
Behavioral task: behavioral1
  Sample: order 20210407DTR001.IMG.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: order 20210407DTR001.IMG.exe
  Resource: win10v20210408
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.barraprime.com
  Port: 587
  Username: info@barraprime.com
  Password: 1marco2017
Targets
Target: order 20210407DTR001.IMG.exe
Size: 31KB
MD5: 75c5c3a4a631bd4a8ca1f3b01b959a10
SHA1: 99e67c22eb50e800bef719152edcdd358c4d0dc9
SHA256: 5a3479c05afb8620c7e078f550e924d29058c0c14010296f735ac19df393b713
SHA512: 317093de63396044e6f562508516382dda96778f658b32b565be75a44d25020a2855d4a683033b64e71715cbe15af432cab833387cee9ee6de365b88b3f360b0
Score: 10/10
Family: AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures:
- AgentTesla Payload
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext