General
Target: NEmxBGeYzpraeah.exe
Size: 1.2MB
Sample: 210728-61ekenhqpx
MD5: 657832a090aa62e4bdc7d09c45cbd405
SHA1: 1d7017040fa12bd7cfc515ec70650c4ef3997f7f
SHA256: 0e85abb5a102d5e0534a65076ecf3c558b28564f89c1469e2ac095b7282bddc0
SHA512: 5b83d21bbe12407b5bbbf0bbb12d824c6eafdd345df7c35e734ed6a571487ce96ce58b6bdb9e7882a4a0aa16a5e562b2f240ea4c36ad782d35c07253fc09aecb
Static task: static1
Behavioral task: behavioral1
  Sample: NEmxBGeYzpraeah.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: NEmxBGeYzpraeah.exe
  Resource: win10v20210408
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.tccinfaes.com
Port: 587
Username: [email protected]
Password: transportes
Targets
Target: NEmxBGeYzpraeah.exe
Size: 1.2MB
MD5: 657832a090aa62e4bdc7d09c45cbd405
SHA1: 1d7017040fa12bd7cfc515ec70650c4ef3997f7f
SHA256: 0e85abb5a102d5e0534a65076ecf3c558b28564f89c1469e2ac095b7282bddc0
SHA512: 5b83d21bbe12407b5bbbf0bbb12d824c6eafdd345df7c35e734ed6a571487ce96ce58b6bdb9e7882a4a0aa16a5e562b2f240ea4c36ad782d35c07253fc09aecb
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
Suspicious use of SetThreadContext