General
Target: S2107Item.exe
Size: 758KB
Sample: 210722-bhg55h4xze
MD5: f868c1e77be92a2bdcecd727781b39c2
SHA1: ab1a4db47be725a80e4b03b9f5caf9dae8f680e5
SHA256: 089c2e88733184ca2e648ccfe560f808b82962a83291023584ca69cc34d0957a
SHA512: a119990847418efe72c3388b51ce7c4d7547e6f446d0aa16c8ab4dc9e6d56e7ea3b8861465eb44990ed1e6a8390b1d754503b3c4fa4502e5eab957996cf6e7ec
Static task
static1

Behavioral task
behavioral1
Sample: S2107Item.exe
Resource: win7v20210408

Behavioral task
behavioral2
Sample: S2107Item.exe
Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.logoffices.com
Port: 587
Username: cc@logoffices.com
Password: QAZqaz123@
Targets
Target: S2107Item.exe
Size: 758KB
MD5: f868c1e77be92a2bdcecd727781b39c2
SHA1: ab1a4db47be725a80e4b03b9f5caf9dae8f680e5
SHA256: 089c2e88733184ca2e648ccfe560f808b82962a83291023584ca69cc34d0957a
SHA512: a119990847418efe72c3388b51ce7c4d7547e6f446d0aa16c8ab4dc9e6d56e7ea3b8861465eb44990ed1e6a8390b1d754503b3c4fa4502e5eab957996cf6e7ec
Score: 10/10

Signatures
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext