General
Target: z2tcOyqI7985wOo.exe
Size: 673KB
Sample: 210727-yyxe11l866
MD5: 5d57a40ff54e66f72b06f0c581d2163e
SHA1: 81c4a3c92234aeb9cc42c379327b7e566653d18e
SHA256: e1b8ac04414e9c6ad5899d525e6c8a7bafeccde2fb255fe4ed23c24afb721da0
SHA512: 6667bc0d8e2e524815fe55fafe3d410a60172649588c9cb06d5a518e273861187c824fe5e9cce91d7692e486152c3b5c588cd98da1800d8c7e6a9fdecad6cc5a
Static task: static1
Behavioral task: behavioral1
Sample: z2tcOyqI7985wOo.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: z2tcOyqI7985wOo.exe
Resource: win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.agceram.com
Port: 587
Username: logs2@agceram.com
Password: opVnsZA7
Targets
Target: z2tcOyqI7985wOo.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext