General
-
Target
P0900779.exe
-
Size
929KB
-
Sample
210511-sbk88a5cdj
-
MD5
2b5748f93c617c351cec0dbb22e35b30
-
SHA1
e9844d8415f1148eb2926b98917977b781801ed2
-
SHA256
b791f9ada5f7bab5e26ab2227b0f615afe2135362e53149ae13df99af3072fd1
-
SHA512
0186675f39175c58006f3b367b382c51476a0c4964c167f72190075e678ceba8047b3507e87565710b9749e3554d24c08bdc56ea9616a9c01d955736b0fb55aa
Static task
static1
Behavioral task
behavioral1
Sample
P0900779.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
P0900779.exe
Resource
win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.1and1.com
Port: 587
Username: miguel.chiliguano@sismode.com
Password: Miguel1.2
Targets
-
Target
P0900779.exe
-
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-