General
Target: 19475cac1dd4414ef6849b7f2df4ffae.exe
Size: 46KB
Sample: 210421-6mswmtvtde
MD5: 19475cac1dd4414ef6849b7f2df4ffae
SHA1: a4161ef305a7d83b9261680b7d1b91da35987ec5
SHA256: 587eded992067de0dd280d6f85001be0956623bb0a4228b1893fa3cb52e58c49
SHA512: 540ff520338d6c3a95a18abc247cffe15791f390f64671bf3813f3e321bea54db8beb4b34ebc3ed1f0adb9f42ddbed428aaf00329a57671ba01402624c192d8c
Static task: static1
Behavioral task: behavioral1
Sample: 19475cac1dd4414ef6849b7f2df4ffae.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: 19475cac1dd4414ef6849b7f2df4ffae.exe
Resource: win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.cerak.co.rs
Port: 587
Username: pedja@cerak.co.rs
Password: isidora456
Targets
Target: 19475cac1dd4414ef6849b7f2df4ffae.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext