General
Target: biggest.exe
Size: 865KB
Sample: 210421-r4t83pbh4s
MD5: 30bd38d2a90db3510019a3fe7dae45cd
SHA1: ac16719ecd9103689f42ee1719eb6f1b444dba4b
SHA256: 5d2ecd7210251e5d86670bd25655976536c0ac15f65185ea7003467be2ee5b19
SHA512: a41ed21642beee783f844d7eac920d2edcab180def732afcbd5d021bf8a72c09a2fe33ab6da5980dabca3230c4a0e73af29ee883bfac2e94aac71cdbd595be84
Static task: static1
Behavioral task: behavioral1 (Sample: biggest.exe, Resource: win7v20210410)
Behavioral task: behavioral2 (Sample: biggest.exe, Resource: win10v20210408)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: prodip@precisionenergy.me
Password: @Mexico1.,
Port 587 is the SMTP submission port: the sample authenticates to this mailbox and mails the harvested data out through it, so the host, port and username are the network indicators to hunt for. The credentials may belong to a compromised legitimate account rather than attacker-owned infrastructure; report them to the provider rather than using them.
Targets
Target: biggest.exe
Size: 865KB
MD5, SHA1, SHA256, SHA512: as listed under General above
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer (the Triage family description notes it as written in Visual Basic); it harvests saved credentials and keystrokes and exfiltrates them, in this sample over SMTP using the account in the extracted config.
Signatures:
AgentTesla Payload
Suspicious use of SetThreadContext (rewriting another thread's context is the usual step that follows writing a payload into a suspended child in process hollowing; the signature flags the API use as suspicious, not as a confirmed injection)