General
Target: 7000750884_0000225573_210639_203639_my140001.exe
Size: 263KB
Sample: 210624-v6hcc559n6
MD5: b67cd892bde1034df3a2dd6ec9b3170f
SHA1: cf78b1be6510ae4478048361000fbdce9f21d133
SHA256: 2d90d1eb72b8258b6eafa378348d531aa523e195aa33dba3365000bba8f6eeac
SHA512: 6015b8df8b275f8354bfdb41ccde4c2e8066ea1c4711634443ef1e121e2bdc2b8779e3f2efeddcb69fea3487722e4cf43868f6211e05e709e89631b4f6410c3a
Static task: static1
Behavioral task: behavioral1
Sample: 7000750884_0000225573_210639_203639_my140001.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: 7000750884_0000225573_210639_203639_my140001.exe
Resource: win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.cairoshippinginternational.com
Port: 587
Username: samy@cairoshippinginternational.com
Password: NermoSamy@2006+
Targets
Target: 7000750884_0000225573_210639_203639_my140001.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Loads dropped DLL
Suspicious use of SetThreadContext