General
Target: dc6a5d1b3accb015fe2b6f91176c57c5
Size: 828KB
Sample: 210722-v6mpzrtr8e
MD5: dc6a5d1b3accb015fe2b6f91176c57c5
SHA1: 4abcf45cb20f5f228ca0e93a375bfc1d6638ede1
SHA256: 60f621808e2a3de0ba3b655874bf321da0505b147dea66aa340c8a2a126f9e23
SHA512: 064ce83f4aa04721ee7626a5a1f9b2d3452f58988e31db54b697fbf86dc2eea455a045715f40471e8f4625f9fd488fe3b608607d5cd1d0d56b6dbdab11679f0e
Static task: static1
Behavioral task: behavioral1
Sample: dc6a5d1b3accb015fe2b6f91176c57c5.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: dc6a5d1b3accb015fe2b6f91176c57c5.exe
Resource: win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: bh-16.webhostbox.net
Port: 587
Username: [email protected]
Password: 7213575aceACE@#$
Targets
Target: dc6a5d1b3accb015fe2b6f91176c57c5
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Drops file in Drivers directory
Suspicious use of SetThreadContext