General
Target: ea4d96f213ca97ecc5dcbffe408ff2bf
Size: 645KB
Sample: 210727-j8gawecvta
MD5: ea4d96f213ca97ecc5dcbffe408ff2bf
SHA1: 3b3cbeb4060970f0d349e6ec37a20cf1285800b7
SHA256: aa49a468dd184ec1ee4b126823e7c3dec0539e75b0736b6f2a24116fc33badb9
SHA512: ee8d48cef141b8b3ce84779eab1686ec474b0bcd786579c4494eb7ac9a0e4d868570499de735f2b300b76973e2cb5a06c1bd1f1645c4b2ea86a6731c2a5a7338
Static task: static1
Behavioral task: behavioral1
Sample: ea4d96f213ca97ecc5dcbffe408ff2bf.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: ea4d96f213ca97ecc5dcbffe408ff2bf.exe
Resource: win10v20210410
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: max.mccanna@metaltek.me
Password: GODGRACE12345
Targets
Target: ea4d96f213ca97ecc5dcbffe408ff2bf
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
Suspicious use of SetThreadContext