General
- Target: 9d36fb239fe761c2715f011015bb395a.exe
- Size: 40KB
- Sample: 210421-qamzgdmv6s
- MD5: 9d36fb239fe761c2715f011015bb395a
- SHA1: f21ab7fbbbe95f1c71689f2a1b04586561c60c4b
- SHA256: 9538802ba4375e4207896722f9062ed583dfa523601f5473e000047c4faec144
- SHA512: 86950485066ee8179328896f3856fd4450fd04252f0b3d5cdbfdeabe39af56dd4102d978dbe14732886299e756dc379c985fa2192b6283959abb0596e9550bfc
Static task: static1
Behavioral task: behavioral1
- Sample: 9d36fb239fe761c2715f011015bb395a.exe
- Resource: win7v20210408
Behavioral task: behavioral2
- Sample: 9d36fb239fe761c2715f011015bb395a.exe
- Resource: win10v20210410
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: hisensetech.ml
- Port: 587
- Username: damianolog@hisensetech.ml
- Password: 7213575aceACE@#$
Targets
- Target: 9d36fb239fe761c2715f011015bb395a.exe
- Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext