General
Target: a7a26d57df53b79b97f904d5b5133f66.exe
Size: 330KB
Sample: 210511-8bgnrbjtae
MD5: a7a26d57df53b79b97f904d5b5133f66
SHA1: fea58a1854d5011f3424d0401750aadb4565c586
SHA256: 1d685f076d57a177ad5b642cb0657de08e8607bd2b892c4b39146c6f2ada6473
SHA512: cd41f64fc26417114b8782dd8cdf4cf1bebce72c911d28070df724820e91359961c9eb7d09171d38f57eae84b8ad93967f0b08b78a781115a978c94ae7ffa64c
Static task: static1
Behavioral task: behavioral1
Sample: a7a26d57df53b79b97f904d5b5133f66.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: a7a26d57df53b79b97f904d5b5133f66.exe
Resource: win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.privateemail.com
Port: 587
Username: rocio.perez@tecme-ar.com
Password: Onelove1000$
Targets
Target: a7a26d57df53b79b97f904d5b5133f66.exe
Size: 330KB
MD5: a7a26d57df53b79b97f904d5b5133f66
SHA1: fea58a1854d5011f3424d0401750aadb4565c586
SHA256: 1d685f076d57a177ad5b642cb0657de08e8607bd2b892c4b39146c6f2ada6473
SHA512: cd41f64fc26417114b8782dd8cdf4cf1bebce72c911d28070df724820e91359961c9eb7d09171d38f57eae84b8ad93967f0b08b78a781115a978c94ae7ffa64c
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Loads dropped DLL
Suspicious use of SetThreadContext