General
- Target: Ei76uYS4ahe752B.exe
- Size: 670KB
- Sample: 210504-xzld9zs9wa
- MD5: 37bdeb7dd32f6bf7ef310ca575f4236d
- SHA1: fbd39cda4384a9bef901bb74afe2e42240fde4b2
- SHA256: f3299da1eb5ad076c503fa440ba15e4bb418fa17b5cf0315620eaecf3b618de5
- SHA512: b42edd28261294da3d6ac4c0a53ce5a1fbc6fe4060790c84e554139377a6c278fda6f045c0f086c667d72755c0ee7a7f97884d75e37930e62cafb4b00db4ca4d
Static task: static1
Behavioral task: behavioral1
- Sample: Ei76uYS4ahe752B.exe
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: Ei76uYS4ahe752B.exe
- Resource: win10v20210408
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.caltra.pt
- Port: 587
- Username: ricardo.godinho@caltra.pt
- Password: caltra1589
Targets
- Target: Ei76uYS4ahe752B.exe
- Size: 670KB
- MD5: 37bdeb7dd32f6bf7ef310ca575f4236d
- SHA1: fbd39cda4384a9bef901bb74afe2e42240fde4b2
- SHA256: f3299da1eb5ad076c503fa440ba15e4bb418fa17b5cf0315620eaecf3b618de5
- SHA512: b42edd28261294da3d6ac4c0a53ce5a1fbc6fe4060790c84e554139377a6c278fda6f045c0f086c667d72755c0ee7a7f97884d75e37930e62cafb4b00db4ca4d
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext