General
-
Target
e3139840_by_Libranalysis
-
Size
357KB
-
Sample
210517-s83jpvdygx
-
MD5
e31398408b6a7ca24d58b4a32a15efa5
-
SHA1
f883559d1f99814e60bfff8263be34088f6452b6
-
SHA256
182a95e2f2bcd61c3dd6d47b060029c539cdfa265cd83090b3c8199e910e0769
-
SHA512
2b2ba9bbcff829fa3b7c2bc2d4590e73d2280f471c2564125441a679fec6d66c39706d21b6659978e37615f41987e3e16a17ea731755be2dcefb1b46983cc47c
Static task
static1
Behavioral task
behavioral1
Sample
087697d241c62f0668f25caa7c739611b4ab1ff5ff7fba466757e67aa5e3a608.exe
Resource
win7v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.cargoair.bg
Port: 587
Username: ikostadinov@cargoair.bg
Password: 334455
Targets
-
-
Target
087697d241c62f0668f25caa7c739611b4ab1ff5ff7fba466757e67aa5e3a608
-
Size
380KB
-
MD5
b7b3ff3f7e197049db7c20001f0ea2e4
-
SHA1
0e57da7db883172c169461f25940feb75ef7866a
-
SHA256
087697d241c62f0668f25caa7c739611b4ab1ff5ff7fba466757e67aa5e3a608
-
SHA512
6c9b0dc5c8df64ef6158ccaff95bdce522a23026b0133b2f358c62672e5fbe77083844fa3af8d04a36f94afd901094de73c1a4798dd061055274d83ef46b0921
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-