General
-
Target
47ae8e27e126f88f937ff6e6efb7cf96
-
Size
1.2MB
-
Sample
210728-lqmrrt2yz2
-
MD5
47ae8e27e126f88f937ff6e6efb7cf96
-
SHA1
85ee4bea24d0bbce0d663703581ef94433847dca
-
SHA256
ff6cb70170510fd46c809872416202ba82469dfcbd469714247460a3114c35c5
-
SHA512
933ee00a937859dcb6ae627dd8dfe2588b57b53a9b55bbd831f9f15efc7a64b4c3eb8d0a5fafb8e44812afd50fb517e0b241673171bf0e2f09f5c6389b2da249
Static task
static1
Behavioral task
behavioral1
Sample
47ae8e27e126f88f937ff6e6efb7cf96.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
47ae8e27e126f88f937ff6e6efb7cf96.exe
Resource
win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: cjcurrent@5000
Targets
-
Target
47ae8e27e126f88f937ff6e6efb7cf96
-
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Suspicious use of SetThreadContext
-