General
Target: P44898408970-1.exe
Size: 894KB
Sample: 210722-6n31yfh9ax
MD5: fb06ed245f080393bbfe1ae577053085
SHA1: a003c960669f5a64ae182dcfc9d7185750a84f0d
SHA256: 2f639103b3a2a16f0eacad22c7df0a037c3a45d74cfe09ce96f86e13fe74a1b8
SHA512: cf75bb4fe26c743c3e448700a7baccb233f82113562afd46836beebe0593a21adc34d15de9dfa7918a034b6b75a8e2a4c989391c1b3dcf08a17dc8b0983932e3
Static task: static1
Behavioral task: behavioral1
Sample: P44898408970-1.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: P44898408970-1.exe
Resource: win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.framafilms.com
Port: 587
Username: framafilmsint@framafilms.com
Password: lister11
Targets
Target: P44898408970-1.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext