General
Target: P I.exe
Size: 2.2MB
Sample: 210504-7fcbxtdj86
MD5: 92063f6f648e7642aeca603780cc0955
SHA1: aa413df7850d0b902b4c39514a84add8ffd2e141
SHA256: 82ef3328a2ec113a17b123d3dac940a0c204a6cb1d636e29860751e8daf1a21c
SHA512: dc3ad903a50d29798864e014e07a70bf428e18f3c8b31aba357ac56706cc678c23c4d5ec2c61dbba601c702816e791021b34a1a3e1fed09bf392ba8b117808bb
Static task: static1
Behavioral task: behavioral1
Sample: P I.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: P I.exe
Resource: win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: cspuri@searchnet.co.in
Password: 22june1969
Targets
Target: P I.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext