General
- Target: 86cd3688ed1a46971debbe78462e7da1
- Size: 1.6MB
- Sample: 210726-eyehfyygj2
- MD5: 86cd3688ed1a46971debbe78462e7da1
- SHA1: d917469c6eaa9d012d914fe5278bd2c5603d083c
- SHA256: efe1e2dfcb71640bc73b4627dcafebf3a71fc45b6118f6ecf5997f3796d993b8
- SHA512: 1222d70ece3ebd335552146b6de06070ecb393d127f066eed140b386ed6635c6fa3f056db3a30c2c2894112a624fcb5a2b62415a9edb04929d6810872d6d6209
Static task: static1
Behavioral task: behavioral1
- Sample: 86cd3688ed1a46971debbe78462e7da1.exe
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: 86cd3688ed1a46971debbe78462e7da1.exe
- Resource: win10v20210408
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: aguffey@tpsovans.com
- Password: PbQ)ubh9
Targets
- Target: 86cd3688ed1a46971debbe78462e7da1
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext