General
Target: 8a56d6baa1eac6ca6208e74591221cbc
Size: 763KB
Sample: 210727-43e4g2k36j
MD5: 8a56d6baa1eac6ca6208e74591221cbc
SHA1: 9f057b5a90fdcee33dc2fa4f8f3424a3345186dd
SHA256: 61ee3545921c4ddf2a41826b2425dc43b4902353a01798f5516e9afdf4a10d63
SHA512: 7b06328817a158c5131f98211d9db8d24044f84e2bade735343539e57f0aaeeafc8da0fd8402a94e55cd0c31e6ab052c2dc55c274710ec3f26880ad172654597
Static task: static1
Behavioral task: behavioral1
Sample: 8a56d6baa1eac6ca6208e74591221cbc.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: 8a56d6baa1eac6ca6208e74591221cbc.exe
Resource: win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: chamara.kuruppu@organigram-ca.icu
Password: HELPMEGOD@1321
Targets
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
Suspicious use of SetThreadContext