General

Target: cQrGQM0QpxJyI2F.exe
Size: 838KB
Sample: 210421-xj9p1kwyc6
MD5: 09ba5d25651145b13bbef305e9426a91
SHA1: 39e1c3ad5ff23391d66a1b0f5889d632c51cd22f
SHA256: ee431d813038d5f0f9a6bad63b0f15be52b60714445c25e380ef5ba27e5dd3d5
SHA512: 474f7278cf63e1eeb481caafa6adf13dfc35f6fb4e83fe4e76b780718fbcb318b4303e1b19091305f5d8002f646267c7f35f784bdffd2c5e87f80e972313580f
Static task: static1

Behavioral task: behavioral1
Sample: cQrGQM0QpxJyI2F.exe
Resource: win7v20210410

Behavioral task: behavioral2
Sample: cQrGQM0QpxJyI2F.exe
Resource: win10v20210410
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.prozero-d.com
Port: 587
Username: security03@prozero-d.com
Password: i~_.=lu0=u4v
Targets

Target: cQrGQM0QpxJyI2F.exe
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Suspicious use of SetThreadContext