General
Target: pedido072821.rar
Size: 532KB
Sample: 210728-3f8qz1tx4e
MD5: 4e954d40bf4292efc6fd27536cc21903
SHA1: 90026d7e8c13e96eddc2d1c5d502315614808829
SHA256: dd3b902d361a2d665d9c138506fc6abf38c82d2e80050918826b0b07cbb5c392
SHA512: 5980f8824503a491584765e9bc37eb5356ffd7a16a25ead7fb2764a76d24e0c1d0b6571b180365958c251f775cd726d76b3fde9c48600f293f28345ba43dec4e
Static task: static1
Behavioral task: behavioral1
Sample: pedido072821.exe
Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.zoho.com
Port: 587
Username: [email protected]
Password: JesusChrist007
Targets
Target: pedido072821.exe
Size: 711KB
MD5: 1786ed7eac98dd6710556dc1ce7f89eb
SHA1: c63bd5bd0586eefa1d58b8c43b0bbff36f57eae9
SHA256: 8aa98bc1c4bc764c59a44eeab651813a2302ff87e555fcea986a75b031eb3b84
SHA512: ff079fa6043e24ec23e352d6c60e21e1ce7d232f6ce9c704060107de80900aaf33d6f9f3f554d9f04500e95375b69f98ee240c3ed883cd8c23b464e6d13e410d
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
Suspicious use of SetThreadContext