General
-
Target
SecuriteInfo.com.W32.MSIL_Kryptik.DZG.genEldorado.27752.15715
-
Size
713KB
-
Sample
210421-hsly63a5xs
-
MD5
e646af1a498ede2a8df840e4ca290e59
-
SHA1
13a7b8016800ba9694f0589721bd34ab72dfb0a9
-
SHA256
20359c84189b6e46bea8c9ae514d2d7cc315341f1ebb93d7d6a9859fc54b92ee
-
SHA512
739ed8423188fcfe71903d35ed5cab29bf90a9af1bc1e4b22ae9b385219949176280f3017f9dff112589615f8616603a45ae9beed9d070b3191c45d0ad938061
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.W32.MSIL_Kryptik.DZG.genEldorado.27752.15715.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
SecuriteInfo.com.W32.MSIL_Kryptik.DZG.genEldorado.27752.15715.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.mail.ru
Port: 587
Username: barrado@inbox.ru
Password: z6~Rhjss*B0}
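The extracted configuration gives a defender two kinds of indicators to act on at once: the file hashes of the sample and the exfiltration channel (SMTP submission to smtp.mail.ru on port 587, authenticating as the attacker-controlled mailbox barrado@inbox.ru). The Python below is an added example, not part of the sandbox report or of any detection product: it matches those indicators against constructed Sysmon-style log lines (the paths, process IDs, the RegSvcs.exe host process and the benign lines are invented for this example) and, going beyond this one sample, also flags any outbound SMTP connection from a process that is not an expected mail client, which catches Agent Tesla builds configured with a different mailbox.

```python
"""Match the IOCs from this Agent Tesla report against constructed
Sysmon-style log lines.  Added example; not part of the sandbox report."""
import re

# Indicators taken from the report above.
SAMPLE_SHA256 = "20359c84189b6e46bea8c9ae514d2d7cc315341f1ebb93d7d6a9859fc54b92ee"
SAMPLE_MD5 = "e646af1a498ede2a8df840e4ca290e59"
EXFIL_HOST = "smtp.mail.ru"
EXFIL_PORT = "587"

# SMTP transport/submission ports; a stealer uses them from a non-mail process.
SMTP_PORTS = {"25", "465", "587"}
# Processes expected to speak SMTP on a workstation (assumed allowlist, tune per site).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed log lines in a simplified "Key=Value" layout modelled on Sysmon
# Event 1 (process create) and Event 3 (network connect).  Paths, PIDs and the
# RegSvcs.exe host process are invented for this example, not taken from the report.
SAMPLE_LOGS = [
    "EventID=1 Image=C:\\Users\\bob\\Downloads\\invoice.exe "
    "Hashes=MD5=e646af1a498ede2a8df840e4ca290e59,"
    "SHA256=20359c84189b6e46bea8c9ae514d2d7cc315341f1ebb93d7d6a9859fc54b92ee "
    "ProcessId=4120",
    "EventID=3 Image=C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe "
    "DestinationHostname=smtp.mail.ru DestinationPort=587 ProcessId=4188",
    "EventID=3 Image=C:\\Apps\\Outlook\\outlook.exe "
    "DestinationHostname=smtp.office365.com DestinationPort=587 ProcessId=2200",
    "EventID=1 Image=C:\\Windows\\System32\\notepad.exe "
    "Hashes=MD5=00000000000000000000000000000000,"
    "SHA256=1111111111111111111111111111111111111111111111111111111111111111 "
    "ProcessId=5000",
]


def parse_line(line):
    """Split 'Key=Value Key=Value ...' into a dict (values contain no spaces)."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def parse_hashes(field):
    """Turn Sysmon's 'MD5=..,SHA256=..' string into {algo: lowercase hex}."""
    out = {}
    for item in field.split(","):
        if "=" in item:
            algo, value = item.split("=", 1)
            out[algo] = value.lower()
    return out


def image_name(path):
    """Basename of a Windows image path, lowercased for allowlist comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def match_iocs(lines):
    """Return (rule, image, pid) tuples for every line matching an indicator."""
    hits = []
    for line in lines:
        f = parse_line(line)
        image, pid = f.get("Image", ""), f.get("ProcessId", "")
        if f.get("EventID") == "1":
            hashes = parse_hashes(f.get("Hashes", ""))
            if hashes.get("SHA256") == SAMPLE_SHA256 or hashes.get("MD5") == SAMPLE_MD5:
                hits.append(("known_sample_executed", image, pid))
        elif f.get("EventID") == "3":
            host = f.get("DestinationHostname", "").lower()
            port = f.get("DestinationPort", "")
            # Exact match on the exfil endpoint from this report's config.
            if host == EXFIL_HOST and port == EXFIL_PORT:
                hits.append(("agenttesla_smtp_exfil", image, pid))
            # Generalisation: SMTP from anything that is not a mail client.
            if port in SMTP_PORTS and image_name(image) not in MAIL_CLIENTS:
                hits.append(("unexpected_smtp_client", image, pid))
    return hits


if __name__ == "__main__":
    for rule, image, pid in match_iocs(SAMPLE_LOGS):
        print(f"{rule:24} pid={pid} image={image}")
```

The host alone is a weak indicator because smtp.mail.ru is a legitimate public mail service; the pairing of process identity with an SMTP port is what makes the second rule useful, and the username is the better pivot for an abuse report to the provider.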
Targets
-
Target
SecuriteInfo.com.W32.MSIL_Kryptik.DZG.genEldorado.27752.15715
Score: 10/10
AgentTesla
Agent Tesla is a .NET information stealer and keylogger with remote-access features, commonly built in Visual Basic .NET (this sample is an MSIL binary, consistent with that). It harvests saved credentials and keystrokes and exfiltrates them over SMTP, FTP or HTTP, which is why the extracted configuration above is a set of SMTP credentials rather than a command-and-control address.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
Setting another thread's context is the step process-hollowing loaders use to point a suspended process at injected code; together with the AgentTesla payload signature it suggests the stealer was unpacked into a host process rather than run directly from the original MSIL binary.
-