General
-
Target
PROJECT SPECIFICATION.exe
-
Size
836KB
-
Sample
210511-3hftar8ahs
-
MD5
a708b477ccef2cba28ecf13292cf2aec
-
SHA1
299b0c6bbaf575b732359f65fd7165d0c494ce43
-
SHA256
6840025134fbaf51166ebedfd84bb32b0dcbebc40f1ecee660c2323239d60b5f
-
SHA512
5ddf6e3f3fb538cdb22ffaedc007ac12f7ff605bbf07f225661c77bdce5d4bbff4f25ba0ebc6ff64b23728320ad60ccab7e42bd48ffcf758d88b2fc5145c5b49
Static task
static1
Behavioral task
behavioral1
Sample
PROJECT SPECIFICATION.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
PROJECT SPECIFICATION.exe
Resource
win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: server126.web-hosting.com
Port: 587
Username: market@marketresearchtrade.com
Password: m@T_~U$eHI40
Targets
Target
PROJECT SPECIFICATION.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-