General
-
Target
documents and Details.bin
-
Size
618KB
-
Sample
210423-hbl28srkw2
-
MD5
d7d91766708bfa54f07cb2ed6e9e4620
-
SHA1
6afb76623f6bdf88b0a867648a1ea38d230e5e10
-
SHA256
f00c9450706beb17b5cc705f2e5cfe7c509f1776e3f4de99d9b3dddb7e7660a1
-
SHA512
95e18cdb4d3145c614e583591a1727e54b3e07c57f750096b8354d654fa48589a04d88d5178556bbef4732b254dc24584d93fecb35ef668788338eda33a659e1
Static task
static1
Behavioral task
behavioral1
Sample
documents and Details.bin.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://files.000webhost.com/
Port: 21
Username: zinco
Password: computer147
Targets
-
Target
documents and Details.bin
-
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-