General

Target: order 20210407DTR001.IMG.exe
Size: 31KB
Sample: 210421-mw7dy2sec2
MD5: 75c5c3a4a631bd4a8ca1f3b01b959a10
SHA1: 99e67c22eb50e800bef719152edcdd358c4d0dc9
SHA256: 5a3479c05afb8620c7e078f550e924d29058c0c14010296f735ac19df393b713
SHA512: 317093de63396044e6f562508516382dda96778f658b32b565be75a44d25020a2855d4a683033b64e71715cbe15af432cab833387cee9ee6de365b88b3f360b0
Tasks

Static task: static1
Behavioral task: behavioral1 (Sample: order 20210407DTR001.IMG.exe; Resource: win7v20210410)
Behavioral task: behavioral2 (Sample: order 20210407DTR001.IMG.exe; Resource: win10v20210408)
Malware Config

Extracted family: agenttesla
Protocol: smtp
Host: mail.barraprime.com
Port: 587
Username: info@barraprime.com
Password: 1marco2017
Targets

Target: order 20210407DTR001.IMG.exe (31KB; hashes as listed under General)
Score: 10/10

Signatures:
- AgentTesla (Agent Tesla is a remote access tool (RAT) written in Visual Basic.)
- AgentTesla Payload
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext