General
-
Target
SOA MARCH 2021.exe
-
Size
724KB
-
Sample
210421-vf7ane8g22
-
MD5
33c12d55fd798df965c7ade79fab99b2
-
SHA1
d05278f2b8b9d3d47aaccb8c8a2f26d06e5548c0
-
SHA256
c41ed5dd41446e88d3d14ccab8d52c7581c6d09dc6ce14c05866384ac5a1ee37
-
SHA512
7aaca413b132073865762e0f60560b1f2540ae1f920c508d64872d84cfe2598b35327e8ab440fbed2c6c98cdde4421363533d8bc475469cd6f28eff04f521220
Static task
static1
Behavioral task
behavioral1
Sample
SOA MARCH 2021.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
SOA MARCH 2021.exe
Resource
win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.vivaldi.net
Port: 587
Username: Ricardo2021@vivaldi.net
Password: Qwerty2020Hp##
Targets
-
-
Target
SOA MARCH 2021.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-