General
-
Target
tegenesla.zip
-
Size
583KB
-
Sample
210504-9vg39s7yrx
-
MD5
89fa08970270740759e662a28e2d127c
-
SHA1
5fae5521f7cba9953a7f0414453f3b1c7cc236e7
-
SHA256
cd907739132c3527d46eaf498e62f1e3a23ad1d1c173bd50f6f5deed99512046
-
SHA512
8980a55578dfcbdefd97c384c736a00e4b825b48ae4803626be60884576aa4aab7d51f297c30f66f96bd44ce94dbfb232bee65f8575e9cb5f89fe1a0832ceb81
Static task
static1
Behavioral task
behavioral1
Sample
36c42944400bdcde3e3406f10e44f934f7ff7eefb0d4c81ebb44a1fa8ee560de.bin.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
36c42944400bdcde3e3406f10e44f934f7ff7eefb0d4c81ebb44a1fa8ee560de.bin.exe
Resource
win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.iruberritechnologies.com
Port: 587
Username: calidad1@iruberritechnologies.com
Password: Vpx7s4QHfJx7
Targets
-
Target
36c42944400bdcde3e3406f10e44f934f7ff7eefb0d4c81ebb44a1fa8ee560de.bin
-
Size
862KB
-
MD5
fa27a040b4f42011d1ff8b89e10a8590
-
SHA1
36a4a67f882bcdb11e52f32fbfd6168e5806dc6c
-
SHA256
36c42944400bdcde3e3406f10e44f934f7ff7eefb0d4c81ebb44a1fa8ee560de
-
SHA512
659159acf48ccd8b2af61b8d4669805143a767079010cc2a87341023565590b84360274fec1505e578d8d750833dc94364fcaec10460145e053887d7f25f4d49
-
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-