General
- Target: 75ab568fe148e4d229533c5a6cd6b572.exe
- Size: 446KB
- Sample: 210422-zkfdhzafss
- MD5: 75ab568fe148e4d229533c5a6cd6b572
- SHA1: 27f2df18153729839b1ae3b0e579c1df0db59df0
- SHA256: fb91f67073fef8d391ccb08c31183ff2ff00e8a8ca0f71fb5bfce17fb0ddbd26
- SHA512: 3ea21ae941fe9ba09e8f951c406e90b43bd64e50106a57893cd832ccc6954a77935982129079bbe402e616876597d0f71ab384cbccab2d323002bb8ada73ed51
Static task: static1
Behavioral task: behavioral1
- Sample: 75ab568fe148e4d229533c5a6cd6b572.exe
- Resource: win7v20210408
Behavioral task: behavioral2
- Sample: 75ab568fe148e4d229533c5a6cd6b572.exe
- Resource: win10v20210410
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: janryone.xyz
- Port: 587
- Username: [email protected]
- Password: xv*ZM6fqfw&7
Targets
- Target: 75ab568fe148e4d229533c5a6cd6b572.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext