General
Target: a5da6bea30981185e9dadaaa06ccf45b.exe
Size: 493KB
Sample: 210722-nrxbzszdva
MD5: a5da6bea30981185e9dadaaa06ccf45b
SHA1: 3166d96dc5c719df87abc726ee1b8785ef8ee7d8
SHA256: efb3cc17330b519d970353a2f8da8ab9a10abbed7fb5ac099bd4ed575ba21fa5
SHA512: e96090c6cd989cccb310d40401bde54eb5db77a2311d5d12b04471cce56d7af589d079230566f0dab873ff80d89319f846a2c6f4e9adfdf9a925361c19df33f0
Static task: static1
Behavioral task: behavioral1
Sample: a5da6bea30981185e9dadaaa06ccf45b.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: a5da6bea30981185e9dadaaa06ccf45b.exe
Resource: win10v20210410
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot1846829589:AAHSsEDTKvDOQ17YrNRY5_FXv5z4mpfGRIc/sendDocument
Targets
Target: a5da6bea30981185e9dadaaa06ccf45b.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext