General
Target: MACHINE SPECIFICATION.exe
Size: 903KB
Sample: 210511-wghza53nzx
MD5: c53ba5ef5fe65b2057aa69376216ccc9
SHA1: a9683343c90a93f379702ddd6256ac66815da8e7
SHA256: 5505773e19fa155a75c0edc2cc89e2896c40d0fa9c2a5cb9ee1b5e2c6264f8c0
SHA512: 9006558b5ed640c057010377571548981aaab6ce5c9569ca30f9f128ae2556419a611168c9de80fbc48ee0ed3d1383995d39c885ae4d90217d8c5e825292d167
Static task: static1
Behavioral task: behavioral1
Sample: MACHINE SPECIFICATION.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: MACHINE SPECIFICATION.exe
Resource: win10v20210410
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.ieaspk.com/
Port: 21
Username: info@ieaspk.com
Password: 3%*A_tO)HxX@
Targets
Score: 10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-