General

Target: ab.exe
Size: 631KB
Sample: 210727-nwpbevelzn
MD5: a091ebf8c61dddc65a784ff3eecade72
SHA1: b3252b99b245f43e8f305b2e10dbd5bef8913aad
SHA256: 7ea399cd5aa0fb559111e818e6241f40f6e33ea3f7c8fae3bcfd2903fb3f5b36
SHA512: 8fe51ae8a265aed1c7e67f709b51885d6d29b7795fdfe582e4235b74470e193923636ba9c30a228c44c1d8e1a8168cbd186a259612860880f4ade8961a6bc1b8
Static task: static1
Behavioral task: behavioral1 (sample ab.exe, resource win7v20210410)
Behavioral task: behavioral2 (sample ab.exe, resource win10v20210408)
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.sajbh.com
Port: 587
Username: accounts@sajbh.com
Password: Saj@2014

Port 587 is the mail submission port, so the stealer exfiltrates harvested data by authenticating to this account and sending mail through it. The host, port and username are the network indicators to hunt for; the credential also belongs in the incident notes so the mailbox owner can be notified and the account disabled.
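As an added example (not part of the sandbox report and not AgentTesla's own code), the following Python turns the hashes from the General section and the extracted SMTP configuration above into two triage checks: confirming whether a file on disk is this exact sample, and scanning firewall or mail-gateway logs for the exfiltration indicators. The log format (key=value tokens), the field names `src`, `dst`, `dport`, `user`, the allowlist of corporate relays and the sample log lines are all constructed for the demonstration; only the hash values, host, port and username come from the report.

```python
import hashlib
import re

# Indicators copied from the sandbox report (sample 210727-nwpbevelzn).
SAMPLE_HASHES = {
    "md5": "a091ebf8c61dddc65a784ff3eecade72",
    "sha1": "b3252b99b245f43e8f305b2e10dbd5bef8913aad",
    "sha256": "7ea399cd5aa0fb559111e818e6241f40f6e33ea3f7c8fae3bcfd2903fb3f5b36",
    "sha512": "8fe51ae8a265aed1c7e67f709b51885d6d29b7795fdfe582e4235b74470e193923636ba9c30a228c44c1d8e1a8168cbd186a259612860880f4ade8961a6bc1b8",
}
EXFIL_HOST = "mail.sajbh.com"      # extracted AgentTesla SMTP host
EXFIL_PORT = "587"                 # mail submission port from the config
EXFIL_USER = "accounts@sajbh.com"  # account the stealer authenticates as


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists for a file's raw bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(data: bytes) -> bool:
    """True only when all four digests match the report. A single mismatch
    means a different file (or a mis-copied hash), so partial agreement
    is treated as a miss rather than a weak match."""
    return hash_bytes(data) == SAMPLE_HASHES


def _fields(line: str) -> dict:
    """Parse key=value tokens from a log line (constructed format, hypothetical)."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def find_exfil_indicators(lines, allowed_relays=()):
    """Return [(line_index, reason)] for lines matching the extracted config.

    Checks run in priority order so each line yields at most one reason:
      1. any traffic to the extracted SMTP host,
      2. an SMTP login using the extracted exfiltration account,
      3. mail submission (port 587) to a relay not on the allowlist, which
         catches the same family reconfigured with a different mail server.
    """
    hits = []
    for n, line in enumerate(lines):
        f = _fields(line)
        dst, dport, user = f.get("dst"), f.get("dport"), f.get("user")
        if dst == EXFIL_HOST:
            hits.append((n, f"connection to extracted AgentTesla SMTP host {EXFIL_HOST}"))
        elif user == EXFIL_USER:
            hits.append((n, f"SMTP AUTH with extracted exfiltration account {EXFIL_USER}"))
        elif dport == EXFIL_PORT and dst not in allowed_relays:
            hits.append((n, f"mail submission to non-allowlisted relay {dst}"))
    return hits


# Constructed sample log lines (not taken from the report) to exercise the rules.
SAMPLE_LOGS = [
    "2021-07-27T13:12:04Z src=10.0.0.23 dst=mail.sajbh.com dport=587 proto=tcp action=allow",
    "2021-07-27T13:12:05Z src=10.0.0.23 event=smtp_auth user=accounts@sajbh.com result=ok",
    "2021-07-27T13:15:00Z src=10.0.0.41 dst=smtp.office365.com dport=587 proto=tcp action=allow",
    "2021-07-27T13:16:10Z src=10.0.0.41 dst=203.0.113.7 dport=443 proto=tcp action=allow",
    "2021-07-27T13:20:42Z src=10.0.0.77 dst=mail.example.net dport=587 proto=tcp action=allow",
]

if __name__ == "__main__":
    # Hypothetical corporate relay allowlist; adjust to the environment.
    for idx, why in find_exfil_indicators(SAMPLE_LOGS, allowed_relays={"smtp.office365.com"}):
        print(f"line {idx}: {why}")
    print("sample match:", matches_sample(b"not the real binary"))
```

The third rule is deliberately broader than the report's single host: AgentTesla builds are routinely re-pointed at other compromised mailboxes, so flagging any port-587 submission that bypasses the organisation's approved relays is what catches the next variant, at the cost of an allowlist that has to be maintained.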
Targets

Target: ab.exe
Size: 631KB
MD5: a091ebf8c61dddc65a784ff3eecade72
SHA1: b3252b99b245f43e8f305b2e10dbd5bef8913aad
SHA256: 7ea399cd5aa0fb559111e818e6241f40f6e33ea3f7c8fae3bcfd2903fb3f5b36
SHA512: 8fe51ae8a265aed1c7e67f709b51885d6d29b7795fdfe582e4235b74470e193923636ba9c30a228c44c1d8e1a8168cbd186a259612860880f4ade8961a6bc1b8
Score: 10/10

Signatures
- AgentTesla: Agent Tesla is a .NET-based remote access tool (RAT) and information stealer (its early versions were written in Visual Basic .NET).
- AgentTesla Payload
- CustAttr .NET packer: detects the CustAttr .NET packer in memory.
- Suspicious use of SetThreadContext: typically seen when a process writes a payload into a suspended child and redirects its main thread to the new entry point (process hollowing). On its own this is a heuristic, so confirm it against the memory dumps before treating it as injection.