General
- Target: QTY-3322.exe
- Size: 743KB
- Sample: 210511-mxj92l1sj6
- MD5: a3d83561dfbe5040966053844b20d68b
- SHA1: 02de62dee6785a08b2025fa21ecc8619bd6dcd35
- SHA256: 8468cc08571c3290982083780878df02735e8dd243dc8fa606741e499303d97e
- SHA512: ca710982c00d4b98aee6a467dfb4f8f0264cf8e7139dbd3c6d4a1756bb5c70ff41cf9c7aeee45cf073ce4d3ef96280be36c9d3cbb34b7a3987f954c30b90971c
Static task: static1
Behavioral task: behavioral1
  Sample: QTY-3322.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: QTY-3322.exe
  Resource: win10v20210408
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.frtsolutinos.com
- Port: 587
- Username: ops@frtsolutinos.com
- Password: N*+3lzCat9!x
Targets
- Target: QTY-3322.exe
- Size: 743KB
- MD5: a3d83561dfbe5040966053844b20d68b
- SHA1: 02de62dee6785a08b2025fa21ecc8619bd6dcd35
- SHA256: 8468cc08571c3290982083780878df02735e8dd243dc8fa606741e499303d97e
- SHA512: ca710982c00d4b98aee6a467dfb4f8f0264cf8e7139dbd3c6d4a1756bb5c70ff41cf9c7aeee45cf073ce4d3ef96280be36c9d3cbb34b7a3987f954c30b90971c
Score: 10/10
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext