General
Target
MZyeln5mSFOjxMx.exe
Size
702KB
Sample
210504-1s3cc3phf2
MD5
a1f21deabde4ac7fe57170410912cdd2
SHA1
9cd78ad0b7b988373870ddff2048f39bbc2a58df
SHA256
67e900002f5cff55084abd74646c25e1d22cf652cb0142315ab4bdc2906aad53
SHA512
96e9ca5076696300a1621bd4cc90dba8fb589ff9cd88f44c859a4705c07ef780b16c4d47bf6d7b667f0f8172d8095eacf02061cde712a22649cff1510e06feb9
Static task
static1
Behavioral task
behavioral1
Sample
MZyeln5mSFOjxMx.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
MZyeln5mSFOjxMx.exe
Resource
win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.iykmoreentrprise.org
Port: 587
Username: office5@iykmoreentrprise.org
Password: rwkWCM328
Targets
Target
MZyeln5mSFOjxMx.exe
Score
10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext