General
Target: 5c2e20cf98a0d8918ddec80ef4ccf067.exe
Size: 1.1MB
Sample: 210421-cnbtvjp7la
MD5: 5c2e20cf98a0d8918ddec80ef4ccf067
SHA1: 9615fe84d0193341f3d5b718fffc109197933c51
SHA256: 65778b8834d7849f816c747ae7f3dfc5466ded7781b34959d53cb1a544aaeef5
SHA512: 5f3b73a4eeba98d15103a5e26f4657daae94b17977047790649e24af26503b4568e88e0ae0202855cd51cc29167f56011d4f799e32f38a4e57b7153c67f3d933
Static task: static1
Behavioral task: behavioral1
Sample: 5c2e20cf98a0d8918ddec80ef4ccf067.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: 5c2e20cf98a0d8918ddec80ef4ccf067.exe
Resource: win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.lpsinvest.com
Port: 587
Username: helio@lpsinvest.com
Password: #@9$#@9r1jDC2BLR
Targets
Target: 5c2e20cf98a0d8918ddec80ef4ccf067.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext