General

Target: djo_sc22.zip
Size: 306KB
Sample: 210511-dalch7nc52
MD5: 58b1c66533e09a1ee4ee07d229aa70d3
SHA1: ad4b65c1e62204b4108b5a8a0a234771773ab397
SHA256: 07487de6424ab745dc074192f22f01f63e680ab72e9a72be613503d7cba3b09b
SHA512: 29d08c802f75742249e0728d33a8337e3a5f8b7ab264d2879ebb55b3fa03c3359e03ee30a0d113ecc5b088f68dd5288bc506065844b8bd2f0e42487f435b758d
Static task: static1
Behavioral task: behavioral1
Sample: 5b15309de30fcdb1dab3393ab898b68f9390df15125551f95f1b23e3118336c8.bin.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: 5b15309de30fcdb1dab3393ab898b68f9390df15125551f95f1b23e3118336c8.bin.exe
Resource: win10v20210410
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: ayo@synderattorneys.com
Password: success21
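Added example, not part of the sandbox report: it parses the extracted SMTP configuration above into indicators and correlates them over a few constructed Sysmon-style events (event 22 DNS query, event 3 network connect). The event shape, process paths, PIDs and IP addresses are assumed for illustration; only the host, port and mailbox come from the report.

```python
"""Parse the SMTP exfiltration config extracted from this AgentTesla sample into
indicators and correlate them over constructed Sysmon-style telemetry."""
from dataclasses import dataclass

# The extracted config, copied from the sandbox report above.
EXTRACTED_CONFIG = """\
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: ayo@synderattorneys.com
Password: success21
"""


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(text: str) -> SmtpExfilConfig:
    """Parse the 'Key: value' lines the sandbox prints; keys match case-insensitively."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return SmtpExfilConfig(
        protocol=fields["protocol"].lower(),
        host=fields["host"].lower().rstrip("."),
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


def indicators(cfg: SmtpExfilConfig) -> dict:
    """Indicators to block or hunt on.  The password is deliberately left out:
    it belongs in an abuse report to the mail provider, not in a blocklist."""
    return {"dns": cfg.host, "dst_port": cfg.port, "mailbox": cfg.username}


# Constructed telemetry shaped like Sysmon event 22 (DnsQuery) and event 3
# (NetworkConnect).  Paths, PIDs and IPs are made up for this example; the sample
# file name is the one from the report.
SAMPLE_EXE = (r"C:\Users\u\AppData\Local\Temp"
              r"\5b15309de30fcdb1dab3393ab898b68f9390df15125551f95f1b23e3118336c8.bin.exe")
OUTLOOK = r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"
SAMPLE_EVENTS = [
    {"ts": 1, "event_id": 22, "pid": 4120, "image": SAMPLE_EXE, "query": "mail.privateemail.com"},
    {"ts": 2, "event_id": 3, "pid": 4120, "image": SAMPLE_EXE, "dst_ip": "198.51.100.7", "dst_port": 587},
    {"ts": 3, "event_id": 22, "pid": 2200, "image": OUTLOOK, "query": "mail.privateemail.com"},
    {"ts": 4, "event_id": 3, "pid": 2200, "image": OUTLOOK, "dst_ip": "198.51.100.7", "dst_port": 587},
    {"ts": 5, "event_id": 3, "pid": 4120, "image": SAMPLE_EXE, "dst_ip": "203.0.113.9", "dst_port": 443},
]

USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\")


def severity(image: str) -> str:
    """A binary in a user-writable directory is the AgentTesla case; a real mail
    client talking to the same provider still needs a human look."""
    return "high" if any(p in image.lower() for p in USER_WRITABLE) else "review"


def hunt(cfg: SmtpExfilConfig, events: list, window: int = 60) -> list:
    """Flag a process that resolves cfg.host and, within `window` seconds, opens a
    TCP connection to cfg.port.  With STARTTLS on 587 the MAIL FROM / AUTH exchange
    is encrypted, so host + port + originating process is what the network can see."""
    last_lookup = {}  # pid -> ts of its latest DNS query for cfg.host
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["event_id"] == 22 and ev["query"].lower().rstrip(".") == cfg.host:
            last_lookup[ev["pid"]] = ev["ts"]
        elif ev["event_id"] == 3 and ev["dst_port"] == cfg.port:
            seen = last_lookup.get(ev["pid"])
            if seen is not None and ev["ts"] - seen <= window:
                hits.append({"ts": ev["ts"], "pid": ev["pid"], "image": ev["image"],
                             "dst_ip": ev["dst_ip"], "severity": severity(ev["image"])})
    return hits


if __name__ == "__main__":
    cfg = parse_config(EXTRACTED_CONFIG)
    print("indicators:", indicators(cfg))
    for hit in hunt(cfg, SAMPLE_EVENTS):
        print(hit)
```

Because submission on port 587 normally upgrades to TLS with STARTTLS, the sender address and the AUTH credentials never appear in cleartext on the wire; the DNS name, the destination port and the originating process are the indicators worth alerting on, and the mailbox credentials should go to the provider as an abuse report rather than into a signature.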
Targets

Target: 5b15309de30fcdb1dab3393ab898b68f9390df15125551f95f1b23e3118336c8.bin
Size: 1.8MB
MD5: 951a1250c9ba86a26e8fe49c41ee099a
SHA1: 78e9419b58a09876fbd3d2b40ab589f20b480d90
SHA256: 5b15309de30fcdb1dab3393ab898b68f9390df15125551f95f1b23e3118336c8
SHA512: 9b96af5efcf55319c30814975fa03622fbe704fbb251a6b9d887271026b6a2d8181d54b7eaf078df7d2eae8be6937ce2de4fe95d687a9382ed98bfe78a254651
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer written in .NET (originally Visual Basic .NET); this sample reports over SMTP using the configuration extracted above.

AgentTesla Payload

Suspicious use of SetThreadContext
SetThreadContext on a thread of another process is the usual marker of process hollowing: the payload is written into a suspended child process and the thread's entry point is redirected before it is resumed.