General
-
Target
download (1).exe
-
Size
1.3MB
-
Sample
210728-phmc95yjrs
-
MD5
5819570ce690a94f419bc55388fbe380
-
SHA1
4c9fef3a3293aa038ee09c934911e2ba1923ee7d
-
SHA256
1d41fc65447b81c51361cb610956897beb82f059249e29bc1f47ae2fd0e1218a
-
SHA512
160cee8b7006c69441acff77ba77b2fbb295c005bf924654858192e063a6f8f57c391f528585d0cfb62aef16a991d8ec36f5380f6339a1cb6c8eac416d288c75
Static task
static1
Behavioral task
behavioral1
Sample
download (1).exe
Resource
win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: [email protected]
Password: quutsuozucrxskyo
Targets
-
-
Target
download (1).exe
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Suspicious use of SetThreadContext
-