General
Target: eGDBXEE70Awbg6D.exe
Size: 873KB
Sample: 210511-z2tc4bdeq6
MD5: d6c7a942320a4b982dd560a409d813d2
SHA1: 6db1af3654356e63cab69e5f30907f82865ac391
SHA256: c5f47ef393da3d1b6ca1de252345d034ad35aadc80c5ec4911d0e6c353e5e1e8
SHA512: ccfb5b31cfa95a14e047c30252d74616975c19e92a4d2592b4a14990be5a8bb672a80ad2aca07f1a43d283bd211439eee5c56c1435e00437dfd946799533b4cb
Static task: static1
Behavioral task: behavioral1
Sample: eGDBXEE70Awbg6D.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: eGDBXEE70Awbg6D.exe
Resource: win10v20210408
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.iykmoreentrprise.org
Port: 587
Username: office4@iykmoreentrprise.org
Password: rwkWCM328
Targets
Target: eGDBXEE70Awbg6D.exe
Size: 873KB
Score: 10/10
Signatures:
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext