General
Target: Scan docs.exe
Size: 926KB
Sample: 210624-1w1n9ctnrx
MD5: 94159f5873c12cd7ee9b2ab1a0123afc
SHA1: 16bb42d7b6ec5536c06c4d7e424633940f61263d
SHA256: aa1726ec4e7bc607566c3c181498b479506c40449f69319a7bf0981f4e052bfe
SHA512: e815a803e83c7b1e8584a043286503842c8c79b4be7193b92950a0df637be661b53de4bf473278b5c038097af9fd2213908a5b90527d232205d1e6eb226d11b5
Static task: static1
Behavioral task: behavioral1
Sample: Scan docs.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: Scan docs.exe
Resource: win10v20210408
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: smtp.atlmexco.com
Port: 587
Username: maksat@atlmexco.com
Password: Ma1301
Targets
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext