General
Target: f0ecbaf17da2ff569e089259b65e0165.exe
Size: 714KB
Sample: 210421-vdr8vcwme2
MD5: f0ecbaf17da2ff569e089259b65e0165
SHA1: d7c012a9a21e5990c4d4ce8ce803a9074a07166b
SHA256: b594f2b6d50e582013fef6de01449d3808940f119221efd40bd1775170dfcaec
SHA512: e8deaaf3da679b009fc46850ac83a17c781d18d9a993ff777e49dffe1758d0117e5efb730f0cf829b345a422239746cd5ac19af2f910709f2318f9a227758ca7
Static task: static1
Behavioral task: behavioral1
Sample: f0ecbaf17da2ff569e089259b65e0165.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: f0ecbaf17da2ff569e089259b65e0165.exe
Resource: win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.lpsinvest.com
Port: 587
Username: helio@lpsinvest.com
Password: #@9$#@9r1jDC2BLR
Targets
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext