General
Target: Product Range #2828915.exe
Size: 648KB
Sample: 210511-mea4wtskmx
MD5: a38866790c8c35700168dcbf70c451a4
SHA1: 1c465c58bafc50427e4facab66bbbbc576dfee0e
SHA256: 1252078421caf8c3415891ca9012a285c509a1b952b56cc84d163000155def0a
SHA512: 99af98c49bdbf2bbbe040f79e3cbd7e837478ec98a11e34a9e2c38580620f4327eb6025174ec593ae1bfd59c31f1ef01145d3ada8e2e1cd68401d850757feaeb
Static task: static1
Behavioral task: behavioral1
Sample: Product Range #2828915.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: Product Range #2828915.exe
Resource: win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: aseel.albiaty@rvwtechno.com
Password: lDRsz!u1
Targets
Target
Product Range #2828915.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext