General
Target
560748a34effbbf951daf3b8ca24289f
Size
671KB
Sample
210727-8nx1ytlzqn
MD5
560748a34effbbf951daf3b8ca24289f
SHA1
806be19d38b6260b2fc574a990bf146485e44ab9
SHA256
56d24e5d0336a8aefcaab14ba38932966d7f69c46ea874ab8d7565ea6de94a7d
SHA512
2cc73578715f8d107f48a5db6b82b295ff746feb56e1b42f3ec6ac79ca897f96bab1aa1577b72d3fbdb314e474d1316fc3b0dcd721669431bb4c508f05de364b
Static task
static1
Behavioral task
behavioral1
Sample
560748a34effbbf951daf3b8ca24289f.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
560748a34effbbf951daf3b8ca24289f.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: chamara.kuruppu@organigram-ca.icu
Password: HELPMEGOD@1321
Targets
Target
560748a34effbbf951daf3b8ca24289f
Score
10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
Suspicious use of SetThreadContext