General
Target: 3611d9cefc06c8c111f2e6ffc961e529.exe
Size: 1.1MB
Sample: 210421-6dhffkbgrs
MD5: 3611d9cefc06c8c111f2e6ffc961e529
SHA1: dbf7420d6f21993ede19e6549a1c6f43541631ab
SHA256: 3584183ec5e40f74913b0c7a89c6e8d2256d51df3743a59f64bef89f5cdefa7e
SHA512: 714f0faa4d53dc71d40f2c91ffd5a3164b1a4ae4a2ee33643bee1de502523da3ced74e166a4dcf5b2504b66e9e96db73bdfb26c33b53c4d53ffbb026e6016ef7
Static task: static1
Behavioral task: behavioral1
Sample: 3611d9cefc06c8c111f2e6ffc961e529.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: 3611d9cefc06c8c111f2e6ffc961e529.exe
Resource: win10v20210410
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot1620445910:AAF2v81NoINJsu_XXnpGet1YDm-NxnznaIE/sendDocument
Targets
Target: 3611d9cefc06c8c111f2e6ffc961e529.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext