General
Target
ac36833b427738c5e587c3867d6aadb1.exe
Size
1.1MB
Sample
210423-r8vq59fsgx
MD5
ac36833b427738c5e587c3867d6aadb1
SHA1
c3338af0e66ee9f869ca46010f2e0130ee6e5d5b
SHA256
edaf55b23f439bcbe6d462d23fa90ec9ea9a7973a65f7c161e9cdd82d4ec04c8
SHA512
aacb689896bd8866ebba4f8ab7595a7626940c2b95a7a549360378a79e7d18b46429f16304973e342f485c0b8a02f028380fa9b8a82691f5abe1faef0eeac7ec
Static task
static1
Behavioral task
behavioral1
Sample
ac36833b427738c5e587c3867d6aadb1.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
ac36833b427738c5e587c3867d6aadb1.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: mrutledge@kvnatonal.com
Password: TryAgain@1234
Targets
Target
ac36833b427738c5e587c3867d6aadb1.exe
Score 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext