General
Target: ATuRNgegI7kl7Ua.exe
Size: 666KB
Sample: 210504-zncbkj1v5n
MD5: ec217acdf26636dd01ccba3dc7df5066
SHA1: 768c321ffe79e38f92682477a2b9b0e6122721ab
SHA256: e27c7feb3112b0f8d3aa4195962fc2c430074179cbf6811874b49691c486e26f
SHA512: e317158e54d3eb664fd4a9d8b79dc29f1d8c66d4213f311b31fcc37c575bcea5b0fb6674441f464360fdf7aadf337c199abaf4193a8cd63c5d90d2c76b3314c7
Static task: static1
Behavioral task: behavioral1
Sample: ATuRNgegI7kl7Ua.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: ATuRNgegI7kl7Ua.exe
Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.chefoowork.com
Port: 587
Username: victo@chefoowork.com
Password: Yi-yIzLFE-*b
Targets
Target: ATuRNgegI7kl7Ua.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext