General
Target: Specification Requirement.001.002_003_0555.exe
Size: 902KB
Sample: 210722-bb9qz48m9s
MD5: a0a630a119b19ef3d8e9987371121373
SHA1: 583201161f8032ea1045eaa46741262ca2c90474
SHA256: b2708f388708fd87b4b362bc00be90494d27daa7cbd4624907501b2553473ff4
SHA512: d1616290e99fa7f7449168410402eee60d8badf15ce4d51cd47c49d2650c82bed2902865f115787058b267fd2874c0400ae8792ae3ee9a2a8ea9c099949f7cf6
Static task: static1
Behavioral task: behavioral1
  Sample: Specification Requirement.001.002_003_0555.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: Specification Requirement.001.002_003_0555.exe
  Resource: win10v20210408
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: purchase@oly-jay.com
Password: jaymoni1987
Targets
Target: Specification Requirement.001.002_003_0555.exe (902KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Signatures:
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Contains code to disable Windows Defender: A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- AgentTesla Payload
- Suspicious use of SetThreadContext