General
Target: 4HwMTLRFvpnRf2a.exe
Size: 2.2MB
Sample: 210504-b3x62z7x4s
MD5: ec835ba0c96c625b726e90871fa4408e
SHA1: f4f79d8c5d99dd6435f72bcf9c1d90aab96e47ab
SHA256: 6a156918ff4ace56113e28bfc878aab413d3021fc89f0e6dad59744ac25874fe
SHA512: eb40160fc4e8911920e8f0537c38d665eaa644b3d48159e8143b0e6cae076ca3c81aab59c28e3440c052280d5664798db37399e4855a5c82649f0a4c8fd1ee6b
Static task: static1
Behavioral task: behavioral1 (Sample: 4HwMTLRFvpnRf2a.exe, Resource: win7v20210410)
Behavioral task: behavioral2 (Sample: 4HwMTLRFvpnRf2a.exe, Resource: win10v20210410)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.fariya.com
Port: 587
Username: agha@fariya.com
Password: password2017
Targets
Target: 4HwMTLRFvpnRf2a.exe
Score: 10/10
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext