General

Target: 3e2f931e05a98dae448e6f47833debfc.exe
Size: 60KB
Sample: 210421-gjwyxjsew2
MD5: 3e2f931e05a98dae448e6f47833debfc
SHA1: 801b4031489554caa54648789284c8066da0c23c
SHA256: 320c5b4c869e9f7905fbad7dc8d58415d105c8fc5b7d7389cc14cd62c8ebd385
SHA512: e2aee588eaea897e27f1d834e5295df07010ebb8401208b9d2b4f0aca4f2404609eaed67d7e08e6b3bd82dc4198cf45172713f0d778c1bcd3e50e53ae478ff51
Static task: static1

Behavioral task: behavioral1
Sample: 3e2f931e05a98dae448e6f47833debfc.exe
Resource: win7v20210410

Behavioral task: behavioral2
Sample: 3e2f931e05a98dae448e6f47833debfc.exe
Resource: win10v20210408
Malware Config

Extracted family: agenttesla
Protocol: smtp
Host: hisensetech.ml
Port: 587
Username: maxlog@hisensetech.ml
Password: 7213575aceACE@#$
Targets

Target: 3e2f931e05a98dae448e6f47833debfc.exe
Size: 60KB
MD5: 3e2f931e05a98dae448e6f47833debfc
SHA1: 801b4031489554caa54648789284c8066da0c23c
SHA256: 320c5b4c869e9f7905fbad7dc8d58415d105c8fc5b7d7389cc14cd62c8ebd385
SHA512: e2aee588eaea897e27f1d834e5295df07010ebb8401208b9d2b4f0aca4f2404609eaed67d7e08e6b3bd82dc4198cf45172713f0d778c1bcd3e50e53ae478ff51
Score: 10/10

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Drops file in Drivers directory

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext