General
Target: P44898408970-1.zip
Size: 506KB
Sample: 210722-dcp8lgkzzx
MD5: 0aa67c12db0e3ea16a183f2625b0b31d
SHA1: 622ccf647f0d83a47de603fa584181736797ee54
SHA256: 4a919c78e17213d98f10f49a921bf41164e6206e63bc3cbe487092b078189a0a
SHA512: af39d73aa09a80ba2d55d8e23edf0db82561f9f58a32bdc8f1d2b8fc394fd3d716f9be61ea79aef5e5c3fd19f8bd4ca1d0bb0745386940a7dc9ad9d1e9d908dc
Static task: static1
Behavioral task: behavioral1
Sample: P44898408970-1.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: P44898408970-1.exe
Resource: win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.framafilms.com
Port: 587
Username: framafilmsint@framafilms.com
Password: lister11
Targets
Target: P44898408970-1.exe
Size: 894KB
MD5: fb06ed245f080393bbfe1ae577053085
SHA1: a003c960669f5a64ae182dcfc9d7185750a84f0d
SHA256: 2f639103b3a2a16f0eacad22c7df0a037c3a45d74cfe09ce96f86e13fe74a1b8
SHA512: cf75bb4fe26c743c3e448700a7baccb233f82113562afd46836beebe0593a21adc34d15de9dfa7918a034b6b75a8e2a4c989391c1b3dcf08a17dc8b0983932e3
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext