General
Target: 3e2a1681fc8caef1b5d72e60a2d79691.exe
Size: 466KB
Sample: 210722-59wz8rhm2s
MD5: c8bbdf9e3b59abed712d50939b1aba06
SHA1: d15a034d62161837581791b7fbf696259f0dceeb
SHA256: 7a97d4b8f134c45154aedab0230867952cc203fd283dca4700258edc86efb1e9
SHA512: 71b2480ea3a6b69d4a225d48b669beae1a864b3ce7521d4b34e5958d0ac9f8b511ba4acd8592fe3da5c91adaa02de8e807cd84979e535d307b3b7f71af74865c
Static task: static1
Behavioral task: behavioral1
Sample: 3e2a1681fc8caef1b5d72e60a2d79691.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: 3e2a1681fc8caef1b5d72e60a2d79691.exe
Resource: win10v20210408
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: PbQ)ubh9
Targets
Target: 3e2a1681fc8caef1b5d72e60a2d79691.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext