General
Target: Ref 4359-0201-106.034.exe
Size: 749KB
Sample: 210727-wr9pek4d32
MD5: b494cae2a5d2841dfc30166f2420b591
SHA1: 02d3c49ab6714d37974031ac5236b285a251668c
SHA256: 3a121fe0868a35e1b49b0d37241d04bcef95d9b34bcd3b33736857c9b59c846d
SHA512: ba5d8bf08d7c8b549c728893261468c789ca0965c4fb301e64ac0f21e23687c0d6ebd13c25d2745aad6078636be09bfb4c741992a610b4156617dd676551e16b
Static task: static1
Behavioral task: behavioral1
  Sample: Ref 4359-0201-106.034.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: Ref 4359-0201-106.034.exe
  Resource: win10v20210408
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.ombakparadise.com
Port: 587
Username: ce@ombakparadise.com
Password: ce$%^mirah
Targets
Target: Ref 4359-0201-106.034.exe
Size: 749KB
MD5: b494cae2a5d2841dfc30166f2420b591
SHA1: 02d3c49ab6714d37974031ac5236b285a251668c
SHA256: 3a121fe0868a35e1b49b0d37241d04bcef95d9b34bcd3b33736857c9b59c846d
SHA512: ba5d8bf08d7c8b549c728893261468c789ca0965c4fb301e64ac0f21e23687c0d6ebd13c25d2745aad6078636be09bfb4c741992a610b4156617dd676551e16b
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext