General
Target: Transfer1096-20_736289_PDF.exe
Size: 961KB
Sample: 210511-n6kwwx392a
MD5: 85072554c26c2d58bdaab6ffb3a3d732
SHA1: 8a779daad05afe9e0b1d227b6bb9f042e3c1c7f0
SHA256: d6adc5fd4e50b6a75c1d1e2ad96c279c2ac31472eca3c0325ae6f83852440333
SHA512: b06b417b6baec76c032fa04c9e320a29430060e03dfa2c16f08d8062b3671fc9f3ae940baf56827d3a16bb5540327f25822b5c2b1173dfbf5f3a3f958d6b6ee6
Static task: static1
Behavioral task: behavioral1
Sample: Transfer1096-20_736289_PDF.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: Transfer1096-20_736289_PDF.exe
Resource: win10v20210410
Malware Config
Targets
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext