General
-
Target
Transfer1096-20_736289_PDF.exe
-
Size
973KB
-
Sample
210511-n1h5xffxsx
-
MD5
cfb6d7cd819b64c8c3088e5c9004712e
-
SHA1
4f233fd6e38c06f035064665fe15e6374bee382d
-
SHA256
eb0801ae0c61475a74fbc4bbe7c89df02fd2e2473f80b31e562af202f4dc8378
-
SHA512
1209a084204d3eb15ca40174b7223befb29f349a235af61bde0452715fd7f4f1ddca31b1c8338e2bb87ef67f41ecfe92a3e811c240ed63c46d4f82ddf3cb9add
Static task
static1
Behavioral task
behavioral1
Sample
Transfer1096-20_736289_PDF.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
Transfer1096-20_736289_PDF.exe
Resource
win10v20210410
Malware Config
Targets
Target
Transfer1096-20_736289_PDF.exe
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-