General
Target: 5109343368413184.zip
Size: 617KB
Sample: 210727-bd6znzhtex
MD5: ffee81e7f39c6e47d5a63bac09dff2de
SHA1: 1febc4e9b96c8d9cb53cbd3bdf6dd542df3f4b4a
SHA256: c5ac196d88b4a5acfd9d2278df2129e4034518263526e84eb8e0c8617dde63be
SHA512: aee3050503c96c0bb4afcba126295e919498692d2056aeaffb9df221445d1eb1a9218443fe5a2e912384e8f9a9e10f80bbe4bfd96b130fe6e19af39f27676782
Static task: static1
Behavioral task: behavioral1
  Sample: 2bef0c5c20d349645940b6645431990aa3b9cc845f5d89a7c91cf5d7a9275a01.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: 2bef0c5c20d349645940b6645431990aa3b9cc845f5d89a7c91cf5d7a9275a01.exe
  Resource: win10v20210408
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.sidlewtex.com
Port: 587
Username: sales@sidlewtex.com
Password: swyvt(K2
Targets
Target: 2bef0c5c20d349645940b6645431990aa3b9cc845f5d89a7c91cf5d7a9275a01
Size: 1012KB
MD5: 0d369ff4696ecb4abbccc7eabe5711b8
SHA1: 9ad99109bd4e3a87c3a22026c71debefcd97b907
SHA256: 2bef0c5c20d349645940b6645431990aa3b9cc845f5d89a7c91cf5d7a9275a01
SHA512: fed89f204acccde867f1b8dabcf10f5edcd56b5811e10db061dcf90b9c2c796fb2afa85d2feeffc28f77e772e724ba37a95dab44cc843b1fdcf6441f5b0a442d
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- CustAttr .NET packer: Detects CustAttr .NET packer in memory.
- Suspicious use of SetThreadContext