General
- Target: 0c46c876f6b444739b4f4cbf6fc9a2f5
- Size: 683KB
- Sample: 210727-vv2wskjjzx
- MD5: 0c46c876f6b444739b4f4cbf6fc9a2f5
- SHA1: e241ae919b6554eb5c556a88ca2d7ca2eeb4ff98
- SHA256: 1fce43899f8b6267ca55c5f4ad85a48a191f130d936dabeae013f5d626068ece
- SHA512: fc2b4820ceb210ca4d210209157468f6437564edf50b1341524d428efcf18ec9a5ac3064e4af443ed3d68786260bce56f130ca082c730ba4c5536956aa0eae45
Static task: static1
Behavioral task: behavioral1
- Sample: 0c46c876f6b444739b4f4cbf6fc9a2f5.exe
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: 0c46c876f6b444739b4f4cbf6fc9a2f5.exe
- Resource: win10v20210408
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.privateemail.com
- Port: 587
- Username: davide.montorro@arss-it.me
- Password: HOPEFULYETLost@1989
Targets
- Target: 0c46c876f6b444739b4f4cbf6fc9a2f5
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- CustAttr .NET packer: Detects CustAttr .NET packer in memory.
- Suspicious use of SetThreadContext