General
Target: 5934488425234432.zip
Size: 768KB
Sample: 210727-8ywlx8a252
MD5: b4e0241a2b357182f7c8d26d2e78dd14
SHA1: b1dca0b9563b2105edb81ca7a05dc9f4a5400e08
SHA256: d74b8e71e949871886f3aaa4fad46d9179486dfca5fc1e1cd78be292b338efe1
SHA512: b64b0c4c93ba4ae155dbb6ab77e2dc30afe4fb3d7bc45e6a7f037b5be22ef3d2018fbda531171ec2f53e2c3c6647ed6b9f05f54ce023f888012459dca7e57f39
Static task: static1
Behavioral task: behavioral1
Sample: Invoive-1434-9CF0010.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: Invoive-1434-9CF0010.exe
Resource: win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.shakurjay.com
Port: 587
Username: shakur@shakurjay.com
Password: zpwXtxm7
Targets
Target: Invoive-1434-9CF0010.exe
Size: 971KB
MD5: bb69452c6d73c1fcfed935b1d1350d2e
SHA1: 1de0031656783845d901f6e711f26ab92c31d739
SHA256: 8b3d6e6b6858b30a3efc50c2ed1d4ed4f62a4451b2ffdb3f669ad69e79d55dc5
SHA512: 94735b88d107c93dbc7c6787fd5d669e4318cbfddf794535bf68f9f5e7ee38c217bb16955819c2d513516b06880dae57f7e27328e37a8d8e83305c3e41f35973
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext