General
Target: SOA MARCH 2021.exe
Size: 1.2MB
Sample: 210421-hz2gckh5gs
MD5: 84b944e527da612d0fb17f3280f9465d
SHA1: a398dc081f31df7bbccd5799c8eba227f4a70fcd
SHA256: 8332c253900ae23ef04e6d9bdb72cf5c12247a1e0cd42c6b15eaccbf1ff106df
SHA512: 123e218ed60a20f782186cba3d910cd4c3c0e7eca17aee784ca131cd4ca752c90bf5afac8462977976b49c62a7448041036b063961063e4d794c25483f951525
Static task: static1
Behavioral task: behavioral1
  Sample: SOA MARCH 2021.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: SOA MARCH 2021.exe
  Resource: win10v20210408
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.vivaldi.net
Port: 587
Username: Ricardo2021@vivaldi.net
Password: Qwerty2020Hp##
Targets
Target: SOA MARCH 2021.exe
Size: 1.2MB
MD5: 84b944e527da612d0fb17f3280f9465d
SHA1: a398dc081f31df7bbccd5799c8eba227f4a70fcd
SHA256: 8332c253900ae23ef04e6d9bdb72cf5c12247a1e0cd42c6b15eaccbf1ff106df
SHA512: 123e218ed60a20f782186cba3d910cd4c3c0e7eca17aee784ca131cd4ca752c90bf5afac8462977976b49c62a7448041036b063961063e4d794c25483f951525
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext