General
Target: MRKU8781602.exe
Size: 612KB
Sample: 210727-fjg7rsjyde
MD5: bbed19abf6b369658b6996317e2e2067
SHA1: b252760938e016ea408efb75cab44defa95a6b17
SHA256: eddc270558f27cf00441f9056ca98264e14708d8202647bb461c371e6db85cdb
SHA512: 94021a9caceef74dc3d3bc62e39ca056c71ea8e01683f81cde451187007d3adc6ece3640490be0797c1e2f8e2d54a7ece3a7f528fea08de6b0fa86efd4534579
Static task: static1
Behavioral task: behavioral1
Sample: MRKU8781602.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: MRKU8781602.exe
Resource: win10v20210410
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot1633482536:AAF1JIS_DaayovuRrLGy_POYaI3DRc2CrPY/sendDocument
Targets
Target: MRKU8781602.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext