General
Target: w5FqUzyDmszpdwX.exe
Size: 906KB
Sample: 210511-a8jl7r6pk6
MD5: 9a67f0453cb0442cc374d0e95a7d20a0
SHA1: 0e49ab04d2aed969f87e9de86a1eb6f0e3fb67b4
SHA256: 61d174848fcdab757bf469b021c329b9b698c1f3c621d3387ff515c360476cb0
SHA512: 1ba6940677272555c0fcc44f763ed6de2db439fd405b31cafc79cc6c4cd39017fe7b8f8ad487f913b890e4e203a01ce0d12c79ba632606580369fa4c3fce3b90
Static task: static1
Behavioral task: behavioral1 (sample w5FqUzyDmszpdwX.exe, resource win7v20210408)
Behavioral task: behavioral2 (sample w5FqUzyDmszpdwX.exe, resource win10v20210410)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.iykmoreentrprise.org
Port: 587
Username: office5@iykmoreentrprise.org
Password: rwkWCM328
These are the exfiltration settings embedded in the sample: the mailbox is the operator's, not a victim's. Treat the host and username as network indicators; the password is a live attacker credential and should not be used to authenticate.
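As an added example (not part of this sandbox report), the Python below turns the extracted config above into indicators and matches them against connection-log lines, and computes the three file hashes the report lists so a file on disk can be checked against them. The config string reproduces the page's flattened "Key: value - Key: value" layout; the log lines are constructed, and the function names are this example's own.

```python
"""Turn the AgentTesla config extracted in this report into IOCs and
match them against connection-log lines.

Added example, not part of the sandbox report: the config and hash
values are copied from the report; the log lines are constructed to
show two hits and one unrelated line.
"""
import hashlib
import re

# Extracted config exactly as the report page flattens it.
REPORT_CONFIG_TEXT = (
    "Protocol: smtp- Host: mail.iykmoreentrprise.org - Port: 587 - "
    "Username: office5@iykmoreentrprise.org - Password: rwkWCM328"
)

# File hashes listed in the report's General section.
SAMPLE_HASHES = {
    "md5": "9a67f0453cb0442cc374d0e95a7d20a0",
    "sha1": "0e49ab04d2aed969f87e9de86a1eb6f0e3fb67b4",
    "sha256": "61d174848fcdab757bf469b021c329b9b698c1f3c621d3387ff515c360476cb0",
}

_KEYS = "Protocol|Host|Port|Username|Password"
# Value runs until the next ' - Key:' or end of string, so a password
# that itself contains '-' is not cut in half.
_CONFIG_RE = re.compile(rf"({_KEYS}):\s*(.*?)\s*(?=-\s*(?:{_KEYS}):|$)")


def parse_config(text):
    """Split the flattened 'Key: value - Key: value' string into a dict."""
    cfg = {k.lower(): v for k, v in _CONFIG_RE.findall(text)}
    cfg["port"] = int(cfg["port"])
    return cfg


def iocs_from_config(cfg):
    """Indicators worth hunting for: the SMTP exfil host and the operator's
    mailbox.  The password is deliberately excluded; it is the attacker's
    credential and must not be reused or tested against the server."""
    return {cfg["host"], cfg["username"]}


def match_log_lines(lines, cfg):
    """Return (line_number, indicator) for every log line that mentions one
    of the config's indicators (case-insensitive, as hostnames and mail
    addresses are)."""
    iocs = sorted(i.lower() for i in iocs_from_config(cfg))
    hits = []
    for n, line in enumerate(lines, 1):
        low = line.lower()
        for ioc in iocs:
            if ioc in low:
                hits.append((n, ioc))
    return hits


def file_hashes(data):
    """MD5/SHA1/SHA256 of a byte string, in the form the report uses."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data):
    """True only if every listed hash agrees with the report."""
    h = file_hashes(data)
    return all(h[k] == v for k, v in SAMPLE_HASHES.items())


# Constructed firewall/SMTP log lines (not from the report).
SAMPLE_LOGS = [
    "2021-05-11T08:12:01Z fw dst=mail.iykmoreentrprise.org dport=587 proto=tcp action=allow",
    "2021-05-11T08:12:02Z smtp AUTH LOGIN user=office5@iykmoreentrprise.org",
    "2021-05-11T08:13:44Z fw dst=updates.example.com dport=443 proto=tcp action=allow",
]

if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG_TEXT)
    for n, ioc in match_log_lines(SAMPLE_LOGS, cfg):
        print(f"line {n}: {ioc}")
```

To check a quarantined file, read it as bytes and pass it to matches_sample; a single differing hash means it is not this sample.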
Targets
Target: w5FqUzyDmszpdwX.exe
Score: 10/10
AgentTesla: Agent Tesla is a .NET-based information stealer and remote access tool (RAT); this sample exfiltrates over SMTP using the host and credentials in the extracted config.
AgentTesla Payload
Suspicious use of SetThreadContext: rewriting another thread's context is a common step in process hollowing and other code-injection techniques.