General
Target: PO- 45020032 Juvél AS.exe
Size: 550KB
Sample: 210915-h5425saag9
MD5: 87e06a108110f039431ca6054ded90c8
SHA1: 0696b50c7de83f8cdc23dfecebcb5f62581edf98
SHA256: 3f73be7622417491d8aec2845f0db1de3f5a3bba9052c1e5e8fa5c38f761c7c5
SHA512: a9705009d0319f5d282f1fd74d5a66d124f4ce925d113a9a5ab5b385e4de972580d8474c62e33d4f01043ff788cad5365b6e1b7dda8293a7704e17babb50c9ee
Static task: static1
Behavioral task: behavioral1
Sample: PO- 45020032 Juvél AS.exe
Resource: win7-en
Behavioral task: behavioral2
Sample: PO- 45020032 Juvél AS.exe
Resource: win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.epaindemgroup.com
Port: 587
Username: bumaye@epaindemgroup.com
Password: gwcgMl3v
Targets
Target: PO- 45020032 Juvél AS.exe
Size: 550KB
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext