General
Target: 454c89367555e6d2418d8d86cefec673.exe
Size: 95KB
Sample: 210421-98rn4cfxpn
MD5: 454c89367555e6d2418d8d86cefec673
SHA1: b575032b2a62e795be0a1f22fbb5481fc6c06672
SHA256: 08f9180d3f0932f1cd782a0513e920ebeef8f16eb8736e28decaa3ae427526cf
SHA512: d120c1345034fffa17216cda7bc4cad6240f078eda3b403696819cc949e3637c7c500b04a5a3dcf8023ba2d253d7a7f5e57b1064377454997a89a72237dd14ed
Static task: static1
Behavioral task: behavioral1
Sample: 454c89367555e6d2418d8d86cefec673.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: 454c89367555e6d2418d8d86cefec673.exe
Resource: win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: hisensetech.ml
Port: 587
Username: damianolog@hisensetech.ml
Password: 7213575aceACE@#$
Targets
Target: 454c89367555e6d2418d8d86cefec673.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Drops file in Drivers directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext