General
Target: HTC-13051989.exe
Size: 769KB
Sample: 210421-g39dc6ck16
MD5: 57e099f3ee65cea1742d6e14aca63b6a
SHA1: 0522cd10a7e97b0479490b0560e586230918c32b
SHA256: e8e2ccc357ad743b6624db801ecfd50e897149198325850ba73dff5342697869
SHA512: 1a0de4d01b8a5323c8c7ebc9b785affd7c283a19962f43479276e93eed065dff6c7fd24559dacf5fa3876f0037414b106a30520a50ffb0744fb00433a7b301a6
Static task: static1
Behavioral task: behavioral1
  Sample: HTC-13051989.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: HTC-13051989.exe
  Resource: win10v20210408
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.syntrnomh.com
Port: 587
Username: rainie.wang@syntrnomh.com
Password: Tdn$AuZro1
Targets
Target: HTC-13051989.exe (size and hashes as listed under General)
Score: 10/10
Signatures:
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext