General
Target: Request Sample products.exe
Size: 897KB
Sample: 210511-dtr7wrppde
MD5: f64f75a76ab15e02ef0b9af4a5c829a5
SHA1: 572cd977d029ce977cd2c4fade38ea882c64e57a
SHA256: 32b40946b375a87fbcffd5dd1c8da2b375b2f976fca535e06cb36c9d8f40e866
SHA512: 0f0c655d08a1f2cf54bf7fd5129acfd67b483454f2e6f9effce462313ed7c76fde0890b418675f01a8174a9d6b2ff9525cad19fddd0965c1b30f799a8e30bdee
Static task: static1
Behavioral task: behavioral1
Sample: Request Sample products.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: Request Sample products.exe
Resource: win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.globaloffs-site.com
Port: 587
Username: info@globaloffs-site.com
Password: ZjWYHma3
Targets
Target: Request Sample products.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext