General
Target: 6ufxz8ps3Mbqhxn.exe
Size: 644KB
Sample: 210727-jbg3kakj46
MD5: c253f7490b6837696d2a3108063b1759
SHA1: 5e638bdae86a9fa81e53085f345c117a21510c24
SHA256: 3989e4bbaeab65af22040deae65366ea0b0091b8baf47093fe8147a8eb8187da
SHA512: 73bf7b6be7b7fa727ce69203924989c5049b3daffc80f8404638f3010c0dab05e770f5362d8ba01521c89523a9c87ea52b4d976f60edcde34943a5c7cd71ef2d
Static task: static1
Behavioral task: behavioral1
Sample: 6ufxz8ps3Mbqhxn.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: 6ufxz8ps3Mbqhxn.exe
Resource: win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.vivaldi.net
Port: 587
Username: vor007@vivaldi.net
Password: Temporal2018*
Targets
Target
6ufxz8ps3Mbqhxn.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext