General
Target: yl9KgwwOXDZoGMw.exe
Size: 906KB
Sample: 210511-ezxa8aazd6
MD5: 798cb8a4ceae24a7a2fd213deb85a107
SHA1: 3d7ec487833c318b475818cf771c2af165b6d82b
SHA256: f076d51c4fa09d0e318d43f41560fa50b8c4a4f327effa8aeafedf947800e4d8
SHA512: 22dab34cf8ff46cc419705e4ab50929eeca9b20361f8716fea5d578c0e0a1e27e6a0d7c27a15a62d9923ca534b2e72c5aab49d66fd3f4e46d57cb3d6e5ca4532
Static task: static1
Behavioral task: behavioral1 (Sample: yl9KgwwOXDZoGMw.exe, Resource: win7v20210410)
Behavioral task: behavioral2 (Sample: yl9KgwwOXDZoGMw.exe, Resource: win10v20210408)
Malware Config
Extracted family: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: ken@kengrouco.xyz
Password: Everest10
Targets
Target: yl9KgwwOXDZoGMw.exe
Size: 906KB
MD5: 798cb8a4ceae24a7a2fd213deb85a107
SHA1: 3d7ec487833c318b475818cf771c2af165b6d82b
SHA256: f076d51c4fa09d0e318d43f41560fa50b8c4a4f327effa8aeafedf947800e4d8
SHA512: 22dab34cf8ff46cc419705e4ab50929eeca9b20361f8716fea5d578c0e0a1e27e6a0d7c27a15a62d9923ca534b2e72c5aab49d66fd3f4e46d57cb3d6e5ca4532
Score: 10/10
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext