General
-
Target
fa322b962d854050adb6c6546f7aaed5
-
Size
684KB
-
Sample
210727-9r4vtssvye
-
MD5
fa322b962d854050adb6c6546f7aaed5
-
SHA1
b1c7f9e0cf2d4c99175bc38fb4d12d34858e5bea
-
SHA256
cd043324499b97f0bfcd00d02c0a094aa6d8f4b33f5cd80d94ebf92445f8dc02
-
SHA512
0a128ee744ed52a9a58ea2136b09e18b90f856a19ee4608ac995a49ecee807c7ff3f8a8f2bd0d313d79e43e7cf4ea14aa33f4e2bcfd540e8bd28043633ff4b9d
Static task
static1
Behavioral task
behavioral1
Sample
fa322b962d854050adb6c6546f7aaed5.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
fa322b962d854050adb6c6546f7aaed5.exe
Resource
win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
dutchgardenfoodservices@saleperson.icu - Password:
GOODGOD1234
Targets
-
-
Target
fa322b962d854050adb6c6546f7aaed5
-
Size
684KB
-
MD5
fa322b962d854050adb6c6546f7aaed5
-
SHA1
b1c7f9e0cf2d4c99175bc38fb4d12d34858e5bea
-
SHA256
cd043324499b97f0bfcd00d02c0a094aa6d8f4b33f5cd80d94ebf92445f8dc02
-
SHA512
0a128ee744ed52a9a58ea2136b09e18b90f856a19ee4608ac995a49ecee807c7ff3f8a8f2bd0d313d79e43e7cf4ea14aa33f4e2bcfd540e8bd28043633ff4b9d
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Suspicious use of SetThreadContext
-