General
-
Target
PM114079-990528.zip
-
Size
542KB
-
Sample
210728-dxbnw3mh5x
-
MD5
23b7536e5535d7149a19550ef29f162d
-
SHA1
d14e4c39eb5d8e9ce37f172541b9e1b511b6ec71
-
SHA256
f9dd6bbbd740f9fd93278383f410ad849653ec7b594c0005d70e6b1827f4b0ed
-
SHA512
a71b5b74eaaf6c6051dfa3db55c427d054c54938946000e5d0df0a9e81647d5ffadb7e9568b6af04b5ed8fb7a620816371265e5d3f67d49a30a2a3e456e946a2
Static task
static1
Behavioral task
behavioral1
Sample
PM114079-990528.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
PM114079-990528.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: webmail.worldlinkcolombo.net
Port: 587
Username: [email protected]
Password: FBF8TNIO60WI6615677789
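The extracted configuration is the actionable part of this report: the sample exfiltrates over authenticated SMTP to the listed host, so the host name is the durable network indicator. The following is an added example, not part of the sandbox output, that parses the flattened config line the report emits and hunts for the exfil channel in egress logs. The log format, the sample lines and the sensor field names (`src`, `dst`, `dport`, `dns`) are constructed; the redacted mailbox is kept as the page shows it rather than guessed.

```python
"""Added example, not part of the sandbox report: turn the extracted Agent
Tesla SMTP exfiltration configuration into hunt logic over egress logs.
The log format and the sample lines are constructed for illustration."""
import re
from collections import Counter

# The extracted config in the flattened "Key: value - Key: value" form the
# report emits. The mailbox is redacted on the report page, so the
# placeholder "[email protected]" is kept as-is rather than guessed.
EXTRACTED_CONFIG = (
    "Protocol: smtp- Host: webmail.worldlinkcolombo.net - Port: 587 "
    "- Username: [email protected] - Password: FBF8TNIO60WI6615677789"
)

# Constructed egress firewall lines (not real traffic). "dns" is the name the
# destination IP was resolved from, as a DNS-correlating sensor would add it.
EGRESS_LOG = [
    "2021-07-28T09:14:02Z src=10.0.0.23 dst=198.51.100.7 dport=587 dns=webmail.worldlinkcolombo.net",
    "2021-07-28T09:14:05Z src=10.0.0.23 dst=198.51.100.7 dport=587 dns=webmail.worldlinkcolombo.net",
    "2021-07-28T09:20:11Z src=10.0.0.41 dst=192.0.2.25 dport=587 dns=smtp.example.com",
    "2021-07-28T09:21:40Z src=10.0.0.23 dst=192.0.2.80 dport=443 dns=www.example.com",
    "2021-07-28T09:30:09Z src=10.0.0.77 dst=198.51.100.7 dport=25 dns=WEBMAIL.WORLDLINKCOLOMBO.NET",
]


def parse_config(text):
    """Split the flattened config into a dict keyed by lower-case field name."""
    fields = {}
    for part in re.split(r"\s*-\s+", text.strip()):
        key, sep, value = part.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields


def parse_log_line(line):
    """'ts k=v k=v ...' -> dict; field names are an assumption of this example."""
    ts, _, rest = line.partition(" ")
    rec = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
    rec["ts"] = ts
    return rec


def find_exfil(lines, cfg):
    """Return log records that contact the configured SMTP host.

    The port is reported but not required for a hit: the same mailbox can be
    reached on 25 or 465, and the host name is the durable indicator.
    """
    host = cfg["host"].lower()
    hits = []
    for line in lines:
        rec = parse_log_line(line)
        if rec.get("dns", "").lower() == host:
            rec["port_match"] = rec.get("dport") == cfg.get("port")
            hits.append(rec)
    return hits


def hosts_by_source(hits):
    """Count hits per internal source so the infected host(s) stand out."""
    return Counter(h["src"] for h in hits)


def suricata_rule(cfg, sid=1000001):
    """DNS-query rule for the exfil host (Suricata 5+ sticky-buffer syntax)."""
    return (f'alert dns any any -> any any (msg:"AgentTesla SMTP exfil host lookup '
            f'{cfg["host"]}"; dns.query; content:"{cfg["host"]}"; nocase; '
            f'sid:{sid}; rev:1;)')


if __name__ == "__main__":
    cfg = parse_config(EXTRACTED_CONFIG)
    for h in find_exfil(EGRESS_LOG, cfg):
        print(h["ts"], h["src"], "->", h["dns"], "port_match=%s" % h["port_match"])
    print(hosts_by_source(find_exfil(EGRESS_LOG, cfg)))
    print(suricata_rule(cfg))
```

Two of the constructed lines match on host and port, and a third matches on host only (port 25, upper-case name), which the host-first logic still catches; the line to `smtp.example.com` on 587 is not a hit, since port alone is not an indicator. The extracted password is an authenticator for the attacker's mailbox and belongs in the incident record, not in a detection rule.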
Targets
-
Target
PM114079-990528.exe
-
Size
761KB
-
MD5
e78b9a4ecd3c23cc7191b2510ec7f43d
-
SHA1
e2e63c6feafd3d4dcd33667a6a5311df3ee89b43
-
SHA256
5e3530721b76f0a3c0ed75b87df2d34b942601845a3bb9c04fdc82efe956463d
-
SHA512
9e3625605509e671c950f8294b6c494e2f11c511eadc41a0befe21545ac6d4605d2e88760eb293c7d9d7630a853b34596ba0d52f1b206fa0a39d1d6074aee802
Score
10/10
AgentTesla
Agent Tesla is a .NET-based information stealer with remote access tool (RAT) capabilities. It harvests credentials and keystrokes and exfiltrates them over SMTP, FTP or HTTP, which matches the SMTP configuration extracted above.
-
AgentTesla Payload
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Suspicious use of SetThreadContext
SetThreadContext on a thread of another process, after a suspended child has been created and written to, is the final step of process hollowing (RunPE): the new entry point is written into the thread context before the thread is resumed. Together with the packer detection above, this indicates a packed loader that unpacks the payload into a new process in memory rather than dropping it to disk.
-
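As an added example of what sits behind a signature like "Suspicious use of SetThreadContext" (this is not the sandbox's own detection logic), the detector below walks a hook-style API trace and scores each SetThreadContext call by the process-hollowing precursors seen earlier in the same process: a child created with CREATE_SUSPENDED, an NtUnmapViewOfSection, and remote writes. The trace format (`pid|api|k=v,...`), the sample lines and the placeholder target path are constructed; hex-formatted `dwCreationFlags` is an assumption of the format.

```python
"""Added example, not from the report: a minimal detector for the API call
chain behind the "Suspicious use of SetThreadContext" signature. The trace
format ("pid|api|k=v,k=v") and the lines below are constructed; the target
path is a placeholder, not a path the report shows."""
from collections import defaultdict

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit in CreateProcess

# Constructed hook-style API trace, not real sandbox output.
TRACE = [
    "1234|CreateProcessW|lpApplicationName=C:\\placeholder\\target.exe,dwCreationFlags=0x4,dwProcessId=5678",
    "1234|NtUnmapViewOfSection|ProcessHandle=0x1a4,BaseAddress=0x400000",
    "1234|VirtualAllocEx|hProcess=0x1a4,lpAddress=0x400000,flProtect=0x40",
    "1234|WriteProcessMemory|hProcess=0x1a4,lpBaseAddress=0x400000",
    "1234|WriteProcessMemory|hProcess=0x1a4,lpBaseAddress=0x401000",
    "1234|SetThreadContext|hThread=0x1a8",
    "1234|ResumeThread|hThread=0x1a8",
    # A process touching only its own thread context, e.g. a debugger or an
    # exception handler: SetThreadContext alone is not hollowing.
    "2222|GetThreadContext|hThread=0x88",
    "2222|SetThreadContext|hThread=0x88",
]


def parse_line(line):
    """'pid|api|k=v,k=v' -> (pid, api, {k: v}); format assumed by this example."""
    pid, api, argstr = line.split("|", 2)
    args = dict(kv.split("=", 1) for kv in argstr.split(",") if "=" in kv)
    return pid, api, args


def detect_hollowing(trace):
    """Score each SetThreadContext call by the hollowing steps that preceded
    it in the same process: suspended child, section unmap, remote write."""
    state = defaultdict(lambda: {"suspended_child": False,
                                 "unmapped": False,
                                 "remote_write": False})
    findings = []
    for line in trace:
        pid, api, args = parse_line(line)
        s = state[pid]
        if api in ("CreateProcessA", "CreateProcessW", "CreateProcessInternalW"):
            # dwCreationFlags is assumed to be logged as hex text ("0x4").
            if int(args.get("dwCreationFlags", "0"), 16) & CREATE_SUSPENDED:
                s["suspended_child"] = True
        elif api == "NtUnmapViewOfSection":
            s["unmapped"] = True
        elif api == "WriteProcessMemory":
            s["remote_write"] = True
        elif api == "SetThreadContext":
            if s["suspended_child"] and s["remote_write"]:
                # Full RunPE chain: suspended child, payload written into it,
                # entry point redirected. ResumeThread normally follows.
                severity = "high"
            elif s["suspended_child"] or s["remote_write"]:
                severity = "medium"
            else:
                severity = "low"  # context change with no injection precursor
            findings.append({"pid": pid, "severity": severity,
                             "precursors": dict(s)})
    return findings


if __name__ == "__main__":
    for f in detect_hollowing(TRACE):
        print(f["pid"], f["severity"], f["precursors"])
```

Scoring on the chain rather than on the single call is what keeps the signature useful: the first process in the constructed trace completes the whole sequence and scores high, while the second only rewrites its own thread context and scores low. A real sandbox also checks that the written region lands inside the child's image base and that the new instruction pointer points into it, which this example does not model.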