General
Target: Order 4503860408.exe
Size: 31KB
Sample: 210511-y7jph2gakn
MD5: 0888f0a595168ba009400babfe2e7a2d
SHA1: f84aa6d3fe9dc66f27a49bd94b9057a19aa66e0a
SHA256: ce7554fa09d44e22a27ff09a105b6a50c26b1b7476b79a6c18941bb6b7d96b30
SHA512: 0decd4df19a8dfdbbec21165881368c303d09d98bfc12447768f83d10fa649df5fb6166915b88fc18e55af6a515360f5f0c00aec492bcd851494a2106a80f8f0
Static task: static1
Behavioral task: behavioral1
Sample: Order 4503860408.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: Order 4503860408.exe
Resource: win10v20210408
Malware Config
Extracted family: agenttesla
C2 / exfiltration URL: https://api.telegram.org/bot1703315481:AAF9ojcRH3Y4Iq9oLNsz7JFyV4u3ph8lCtU/sendDocument
The path component is a Telegram bot token (numeric bot id 1703315481, then the secret); sendDocument is the Bot API method the stealer uses to upload harvested data as a file. The bot id stays constant even if the operator rotates the secret, so it is the more durable pivot for hunting.
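The Telegram endpoint above is this sample's exfiltration channel. The following is an added example, not part of the sandbox report or of the malware: it parses the extracted URL into bot id, token and method, produces a defanged form for sharing, and runs a generic Telegram-exfil hunt over constructed proxy log lines. The log format, the client addresses and the other bot tokens in the sample log are made up for illustration; only EXTRACTED_C2 comes from the report.

```python
import re
from urllib.parse import urlsplit

# The exfiltration URL extracted from the sample above (the report's own value).
EXTRACTED_C2 = ("https://api.telegram.org/bot1703315481:"
                "AAF9ojcRH3Y4Iq9oLNsz7JFyV4u3ph8lCtU/sendDocument")

# A bot token is "<numeric bot id>:<35-char secret>"; the secret alphabet is
# letters, digits, '_' and '-'. The id is permanent for the bot, the secret can
# be rotated, so the id is the better long-term pivot.
TOKEN_RE = re.compile(r"^bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{35})$")

# Hunting pattern for proxy/URL logs: any bot-API upload call, regardless of token.
HUNT_RE = re.compile(
    r"api\.telegram\.org/bot(?P<bot_id>\d+):[A-Za-z0-9_-]+/(?P<method>sendDocument|sendMessage)",
    re.I,
)


def parse_telegram_c2(url):
    """Split a Telegram bot-API URL into bot id, token and method; raise ValueError otherwise."""
    parts = urlsplit(url)
    segs = [s for s in parts.path.split("/") if s]
    if parts.scheme != "https" or parts.hostname != "api.telegram.org" or len(segs) != 2:
        raise ValueError("not a Telegram bot-API URL: %r" % url)
    m = TOKEN_RE.match(segs[0])
    if not m:
        raise ValueError("malformed bot token in %r" % url)
    return {"bot_id": int(m["bot_id"]), "token": segs[0][3:], "method": segs[1]}


def is_telegram_c2(url):
    """True if the URL is a well-formed Telegram bot-API call."""
    try:
        parse_telegram_c2(url)
        return True
    except ValueError:
        return False


def defang(url):
    """Report-safe form: hxxps, bracketed dots, secret masked, bot id kept as the pivot."""
    c2 = parse_telegram_c2(url)
    return "hxxps://api[.]telegram[.]org/bot%d:<redacted>/%s" % (c2["bot_id"], c2["method"])


# Constructed proxy log lines (not from the report): "<epoch> <client> <method> <url> <status>".
SAMPLE_PROXY_LOG = [
    "1620756001 10.0.0.15 POST " + EXTRACTED_C2 + " 200",
    "1620756002 10.0.0.15 GET https://www.microsoft.com/ 200",
    "1620756003 10.0.0.22 POST https://api.telegram.org/bot99:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/getMe 200",
    "1620756004 10.0.0.31 POST https://api.telegram.org/bot5555:BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB/sendMessage 200",
]


def hunt_proxy_log(lines, known_bot_ids=()):
    """One finding per line that calls a Telegram upload method; known bot ids get 'known-c2'."""
    findings = []
    for line in lines:
        m = HUNT_RE.search(line)
        if not m:
            continue
        bot_id = int(m["bot_id"])
        findings.append({
            "client": line.split()[1],
            "bot_id": bot_id,
            "method": m["method"],
            "verdict": "known-c2" if bot_id in known_bot_ids else "generic-telegram-exfil",
        })
    return findings


if __name__ == "__main__":
    print(defang(EXTRACTED_C2))
    known = {parse_telegram_c2(EXTRACTED_C2)["bot_id"]}
    for f in hunt_proxy_log(SAMPLE_PROXY_LOG, known_bot_ids=known):
        print(f)
```

The generic pattern fires on any bot-API upload call (getMe and other read methods are ignored), so it also catches the next build of the stealer with a fresh token; the known-id check then tells you which hits tie back to this sample.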
Targets
Target: Order 4503860408.exe (same file, size and hashes as listed under General above)
Score: 10/10
Detected family: AgentTesla
Agent Tesla is a .NET (Visual Basic) remote access tool (RAT) and information stealer; this build exfiltrates over the Telegram Bot API (see the extracted configuration above).
Signatures:
- AgentTesla Payload
- Downloads MZ/PE file
- Suspicious use of SetThreadContext
A 31KB executable that downloads a PE and then calls SetThreadContext is consistent with a small loader that injects the fetched payload into a suspended host process (process hollowing); the behavioral tasks on both Windows 7 and Windows 10 triggered the same signatures.
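The last two signatures describe the shape of a small downloader that injects the fetched PE into a suspended host process. The detector below is an added example, not code from the report or from the sample: it walks a constructed, sandbox-style API trace and flags the create-suspended, WriteProcessMemory, SetThreadContext, ResumeThread chain, while a SetThreadContext with no preceding suspended create and write (a debugger or profiler) is left alone. The process ids, handles, sizes and the RegSvcs.exe host path in the trace are assumed for illustration.

```python
CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit in CreateProcess*

# Constructed API-call trace in the shape a sandbox would log (not taken from this report).
# pid 1204 plays the 31KB loader; pid 2200 is an unrelated process that only edits a context.
# The host image path is an assumed example.
SAMPLE_TRACE = [
    {"pid": 1204, "api": "CreateProcessW",
     "args": {"lpApplicationName": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",
              "dwCreationFlags": CREATE_SUSPENDED},
     "ret": {"hProcess": 0x1F8, "hThread": 0x1FC, "dwProcessId": 3320}},
    {"pid": 1204, "api": "NtUnmapViewOfSection", "args": {"ProcessHandle": 0x1F8}},
    {"pid": 1204, "api": "VirtualAllocEx", "args": {"hProcess": 0x1F8, "flProtect": 0x40}},
    {"pid": 1204, "api": "WriteProcessMemory", "args": {"hProcess": 0x1F8, "nSize": 28672}},
    {"pid": 1204, "api": "SetThreadContext", "args": {"hThread": 0x1FC}},
    {"pid": 1204, "api": "ResumeThread", "args": {"hThread": 0x1FC}},
    {"pid": 2200, "api": "GetThreadContext", "args": {"hThread": 0x244}},
    {"pid": 2200, "api": "SetThreadContext", "args": {"hThread": 0x244}},
]


def detect_hollowing(trace):
    """Flag the create-suspended -> WriteProcessMemory -> SetThreadContext -> ResumeThread chain.

    Every step is matched against the handles returned by the earlier ones, so a lone
    SetThreadContext, or one on a process that was never written to, is not reported.
    """
    suspended = {}   # (pid, hProcess) -> state of that suspended child
    by_thread = {}   # (pid, hThread)  -> key into suspended
    findings = []
    for ev in trace:
        pid, api, a = ev["pid"], ev["api"], ev["args"]
        if api in ("CreateProcessW", "CreateProcessA") and a.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
            r = ev["ret"]
            key = (pid, r["hProcess"])
            suspended[key] = {"hThread": r["hThread"], "child_pid": r["dwProcessId"],
                              "image": a["lpApplicationName"], "wrote": False, "ctx_set": False}
            by_thread[(pid, r["hThread"])] = key
        elif api == "WriteProcessMemory" and (pid, a["hProcess"]) in suspended:
            suspended[(pid, a["hProcess"])]["wrote"] = True
        elif api == "SetThreadContext" and (pid, a["hThread"]) in by_thread:
            st = suspended[by_thread[(pid, a["hThread"])]]
            st["ctx_set"] = st["wrote"]   # only counts once the child's image was overwritten
        elif api == "ResumeThread" and (pid, a["hThread"]) in by_thread:
            st = suspended[by_thread[(pid, a["hThread"])]]
            if st["wrote"] and st["ctx_set"]:
                findings.append({
                    "parent_pid": pid,
                    "child_pid": st["child_pid"],
                    "image": st["image"],
                    "technique": "process hollowing: create suspended, write payload, SetThreadContext, resume",
                })
    return findings


if __name__ == "__main__":
    for f in detect_hollowing(SAMPLE_TRACE):
        print(f)
```

Keying the state on the handles returned by CreateProcess is what keeps the rule from firing on every SetThreadContext in a trace; in a real pipeline you would also check that the NtUnmapViewOfSection or VirtualAllocEx target matches the same hProcess and pull the written buffer for the embedded MZ header.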