General
-
Target
Ll2LxWOagynlSgJ.exe
-
Size
674KB
-
Sample
210504-l9ayzst1w6
-
MD5
9dfaa6afc47f0bf01155b7f8253f719b
-
SHA1
0e82d1395e219ed0400959e6315675fdd03f0a54
-
SHA256
fd0be553157fca2a0a5f4cc559d95a3d6ec4b27b6f1368cad25997cac0ccac8f
-
SHA512
95f379a10ffd895be1b653dfb32227be31764c13ce75f35f21be6472045e385bb0aca718a6a1b0c57158c1449094b409c3192f19c47900e2d3829588b9980e2e
Static task
static1
Behavioral task
behavioral1
Sample
Ll2LxWOagynlSgJ.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
Ll2LxWOagynlSgJ.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.nilkarnal.com
Port: 587
Username: logs@nilkarnal.com
Password: company1960
Targets
-
Target
Ll2LxWOagynlSgJ.exe
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-