General
- Target: Images.exe
- Size: 973KB
- Sample: 210727-pmdacha8d2
- MD5: 82489381d072392f3075161bbb1ec8b8
- SHA1: 5ac44b1ad6d31f14e22013792aed5033af1bed97
- SHA256: 2307054debb98d7c9ca5b5fbce5ca1210c49563dbe01d2fa28cc24099a2db022
- SHA512: e53d7c446b87211327033139b6d0b539ed7aa0d2db660eaa44ad3d96499a03a26e96a887c47250c7ee685ae7a7bd3cc71aa49097c10ba6371f928a2cdf2c402d
Static task: static1
Behavioral task: behavioral1
- Sample: Images.exe
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: Images.exe
- Resource: win10v20210408
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: smtp.nuntai-tw.com
- Port: 587
- Username: greta@nuntai-tw.com
- Password: tanga333
Targets
- Target: Images.exe
- Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext