General
Target: 5101889050017792.zip
Size: 962KB
Sample: 210726-hl3d748mde
MD5: 2d8aa31556950f676b85dd8bbd421d3f
SHA1: f6a5039ceea2fe447c2f8d03bc63570915a7689f
SHA256: b1c03a9ebf7d2e0b6083bf979159af06a7449ba7551674ec1cfda05c0b2f16bf
SHA512: 3f1e41ace5df13a17a54540f0094beadb5cf2277a87621145d56e9847eddbe368f64a1cf41ce0fa58ca5adaa5d28ab43f6744453f83ebad2d5a3956b2e2df799
Static task: static1
Behavioral task: behavioral1
Sample: Consignment Details.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: Consignment Details.exe
Resource: win10v20210410
Malware Config
Extracted
agenttesla
http://6llion.com//inc/cbc38431b42dd0.php
Targets
Target: Consignment Details.exe
Size: 1.1MB
MD5: 890a8a2e14292586f963871fc5467cc9
SHA1: e4a5c3ba74c7e20814c6de8c254d96663f2bd2de
SHA256: c5076cfbad60581baea1cd2e129c832da3f6f616902490c0877132411473a9ac
SHA512: 606542a87bad7d06e05d18e646edd0a7e3816b0c376fb58d2397a9370026e677a8d5a525f1bf45ebc9d83bb61231c002b991a1371a34f440669d8e5a8ea4bf1c
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext