General
-
Target
REMITANCE ADVICE.exe
-
Size
624KB
-
Sample
210727-43ynsfa3pa
-
MD5
eaed910ec2f38b480c809a8ddda95b4f
-
SHA1
c6944445e143600f3a63f6cd2d3fb34dd8a2e48f
-
SHA256
ca007259e84050359f90079e2dd6d6ebde31872f64f65fcd47ce01531e7b6bb3
-
SHA512
5aa1fe035e98b6112bc3b62baaf89ada770a9f279381a5a13e2bb129280bb45e8390aa753b12638cf4acf8bb2f4ab628680ab909ca5ec76348cea3e470351491
Static task
static1
Behavioral task
behavioral1
Sample
REMITANCE ADVICE.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
REMITANCE ADVICE.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.framafilms.com - Port:
587 - Username:
framafilmsint@framafilms.com - Password:
lister11
Targets
-
-
Target
REMITANCE ADVICE.exe
-
Size
624KB
-
MD5
eaed910ec2f38b480c809a8ddda95b4f
-
SHA1
c6944445e143600f3a63f6cd2d3fb34dd8a2e48f
-
SHA256
ca007259e84050359f90079e2dd6d6ebde31872f64f65fcd47ce01531e7b6bb3
-
SHA512
5aa1fe035e98b6112bc3b62baaf89ada770a9f279381a5a13e2bb129280bb45e8390aa753b12638cf4acf8bb2f4ab628680ab909ca5ec76348cea3e470351491
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-