General

Target: DmpaXFlZBIW2jGG.exe
Size: 897KB
Sample: 210722-sgcw3rbx7j
MD5: c665a5f0a16497e73f40203a95baa253
SHA1: 0f69e08f761766d60a0884fc2b88258c78116322
SHA256: 12cb2d376ff851b5fd9c84646c29c5a13e086e542d5c8c247ccd127247c7cb24
SHA512: 58f6e7dc3c74a3970bb9ed2b38149dde01cbb39500d31dd43ae69f61979fdec6f0ed0a1981ec881b4eca6b3c87213e29eb9156d735200a96a5da15c13bf639d7
Static task: static1

Behavioral task: behavioral1
  Sample: DmpaXFlZBIW2jGG.exe
  Resource: win7v20210410

Behavioral task: behavioral2
  Sample: DmpaXFlZBIW2jGG.exe
  Resource: win10v20210408
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.tccinfaes.com
Port: 587
Username: webmaster@tccinfaes.com
Password: transportes
Targets

Target: DmpaXFlZBIW2jGG.exe
Size: 897KB
MD5: c665a5f0a16497e73f40203a95baa253
SHA1: 0f69e08f761766d60a0884fc2b88258c78116322
SHA256: 12cb2d376ff851b5fd9c84646c29c5a13e086e542d5c8c247ccd127247c7cb24
SHA512: 58f6e7dc3c74a3970bb9ed2b38149dde01cbb39500d31dd43ae69f61979fdec6f0ed0a1981ec881b4eca6b3c87213e29eb9156d735200a96a5da15c13bf639d7
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload
Suspicious use of SetThreadContext