General
Target: nd.exe
Size: 675KB
Sample: 210727-p5da2ak5fx
MD5: 8db61814f5bb74628dc686b25abc4405
SHA1: 2c200f12ff8db7459ad09e0c437dbacb9d69e860
SHA256: 6529564e7548962df1cc1c3ae72b01ab48d83df3e00f7278743788bffd05cb2f
SHA512: 0858691cb55160334529976ed400b62ff5217adeb912d2d85d0ca51b166dabb2a14679217c30c7271cca97ed49fdcbd999115086ab8f194eeb90364a0e71a9b9
Static task: static1
Behavioral task: behavioral1 (Sample: nd.exe, Resource: win7v20210410)
Behavioral task: behavioral2 (Sample: nd.exe, Resource: win10v20210408)
Malware Config
Extracted family: agenttesla
Protocol: smtp
Host: smtp3.ines.ro
Port: 587
Username: vanzari@gerocossen.ro
Password: GW!g&95W7rs
Targets
Target: nd.exe (size and hashes as listed under General)
Score: 10/10
Signatures:
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
CustAttr .NET packer: Detects CustAttr .NET packer in memory.
Suspicious use of SetThreadContext