General
-
Target
3e5d2d4506ae65ba5f541bdcd55bc27d
-
Size
689KB
-
Sample
210726-87qgx3rm5s
-
MD5
3e5d2d4506ae65ba5f541bdcd55bc27d
-
SHA1
286ab885a7616c48b614b7df6aeae119d57c9b02
-
SHA256
a7d774cedf27c9fe62ecd68b359cf5e51e70533e932a9827bbeadd074513ecef
-
SHA512
29ae7deae6172efa6a247c358c838a9c5f37b93ce51e4840ec7f7d5aaaa137869de23309908374df46553fb1ce60e610dcb8186bb5df6e1fab5f74f4c928a844
Static task
static1
Behavioral task
behavioral1
Sample
3e5d2d4506ae65ba5f541bdcd55bc27d.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
3e5d2d4506ae65ba5f541bdcd55bc27d.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.ccsp-india.com
Port: 587
Username: vehicle@ccsp-india.com
Password: Lkp$CcsP1008
Targets
-
-
Target
3e5d2d4506ae65ba5f541bdcd55bc27d
-
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Suspicious use of SetThreadContext
-