General
-
Target
pd9EeXdsQtNb3dQ.exe
-
Size
2.2MB
-
Sample
210504-y3rc1smf4x
-
MD5
3dad3d4918e28ded77c3e2e93a42665f
-
SHA1
8b16dba4992b75a303f63a09d8a41ac99f28ce5c
-
SHA256
1b61b157db50652678e1e288cfce86f6c74e40f50a468f6d04d0010c84235210
-
SHA512
57173561296c538c174c3299ea6b64156c48977d8f958f86f14578d4a630ea80e7b6b890e6d1a21f94a1d556173db442b953b685de910f25d886cdeda88b3132
Static task
static1
Behavioral task
behavioral1
Sample
pd9EeXdsQtNb3dQ.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
pd9EeXdsQtNb3dQ.exe
Resource
win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.iykmoreentrprise.org - Port:
587 - Username:
office5@iykmoreentrprise.org - Password:
rwkWCM328
Targets
-
-
Target
pd9EeXdsQtNb3dQ.exe
-
Size
2.2MB
-
MD5
3dad3d4918e28ded77c3e2e93a42665f
-
SHA1
8b16dba4992b75a303f63a09d8a41ac99f28ce5c
-
SHA256
1b61b157db50652678e1e288cfce86f6c74e40f50a468f6d04d0010c84235210
-
SHA512
57173561296c538c174c3299ea6b64156c48977d8f958f86f14578d4a630ea80e7b6b890e6d1a21f94a1d556173db442b953b685de910f25d886cdeda88b3132
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-