General
Target: 01217a79_by_Libranalysis
Size: 1.8MB
Sample: 210511-t5bftpjgt6
MD5: 01217a79d1d0ad6e766382c46679a479
SHA1: 5f54f5a933124516f0089dba9ac6458cf2171910
SHA256: 8895f05f07d168eb225dff4d63bf2f5c0eef9bafba5fa87e745add460a9b0b9b
SHA512: 199002d87d784e69b09b822506b35846126fff7c8440251199faddedecb49d8fe767def156bdfdad077e460da35b811f61fcb7f4949b037d7a4af6fbc2a68415
Static task: static1
Behavioral task: behavioral1
Sample: 01217a79_by_Libranalysis.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: 01217a79_by_Libranalysis.exe
Resource: win10v20210410
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: sugar@synderattorneys.com
Password: success21
Targets
Target: 01217a79_by_Libranalysis
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext