General
Target: 9PynloBGqHebwTI.exe
Size: 835KB
Sample: 210727-g1adxz4byn
MD5: 4767054a1b8210baf87d01af18f428dd
SHA1: bc465fe25171f3f8c1bddee36f62ee768e8faf7a
SHA256: e8c4c52fc84b28da5711b4913aa57d206e31e3f7f0f089cebc2b632e20e84027
SHA512: 97fb806434bb4e5b97441a4a00270b2170e5abc53e3aadb30f949d642ec6aa9d72678bda780031a9e2822cdc038e89b6fefd202e294bc64ce103c576a6741290

Static task: static1

Behavioral task: behavioral1
Sample: 9PynloBGqHebwTI.exe
Resource: win7v20210408

Behavioral task: behavioral2
Sample: 9PynloBGqHebwTI.exe
Resource: win10v20210410

Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.agceram.com
Port: 587
Username: logs2@agceram.com
Password: opVnsZA7

Targets
Target: 9PynloBGqHebwTI.exe
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Suspicious use of SetThreadContext