General
-
Target
e209b671ef6ce034fa39474b107f4eb8.exe
-
Size
983KB
-
Sample
210421-vwhxhtkwz2
-
MD5
e209b671ef6ce034fa39474b107f4eb8
-
SHA1
c36f2e6b420f734d106f0eb3b89d210f17cf4022
-
SHA256
001706c59174b47d3adb36f4d33ec09088af0f5899807e418a46d8747b07bab7
-
SHA512
608cc46338f851e5216cd7e8ed4aa173473abde2d482166acbfa012245c86aac4ed6111b35e012c4cf89f0367618a723079e3f48435f457d2795efde70b3485d
Static task
static1
Behavioral task
behavioral1
Sample
e209b671ef6ce034fa39474b107f4eb8.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
e209b671ef6ce034fa39474b107f4eb8.exe
Resource
win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.cerak.co.rs - Port:
587 - Username:
pedja@cerak.co.rs - Password:
isidora456
Targets
-
-
Target
e209b671ef6ce034fa39474b107f4eb8.exe
-
Size
983KB
-
MD5
e209b671ef6ce034fa39474b107f4eb8
-
SHA1
c36f2e6b420f734d106f0eb3b89d210f17cf4022
-
SHA256
001706c59174b47d3adb36f4d33ec09088af0f5899807e418a46d8747b07bab7
-
SHA512
608cc46338f851e5216cd7e8ed4aa173473abde2d482166acbfa012245c86aac4ed6111b35e012c4cf89f0367618a723079e3f48435f457d2795efde70b3485d
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-