General
Target: IMG_056_102.exe
Size: 475KB
Sample: 210511-24fabcqces
MD5: 6d438ecb10ecfbe8f9ad910aeea5a2ae
SHA1: 7d6b73844c2bc14c1b1a88b43922d605e3d5c8f8
SHA256: 3b7316582c9b3d382e1050a88b6a07640c45de22be0f547c6bb04866e394e2b8
SHA512: 1898e134b7a161c86e4c274ee7f5ff206957523b800739fcfaeab010aafca3ecf6a3bcd567c0b5c3efc3ddb839e2a743f543ec022150e7c381d3ee88e02295c8
Static task: static1
Behavioral task: behavioral1
Sample: IMG_056_102.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: IMG_056_102.exe
Resource: win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: sixjan.xyz
Port: 587
Username: bigazz@sixjan.xyz
Password: H^i?T2&gWQ({
Targets
Target: IMG_056_102.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext