General
Target: qmfXCa40rlkrbw8.exe
Size: 1009KB
Sample: 210915-hh37bsaaa9
MD5: 0f9c4f6cf696c0b5077579c144f04c4b
SHA1: df536c232366604e3258d1b0b4ce30732047d0a4
SHA256: d63716278fd0c99651d478478ac8951c5a17b632072afb5fe9dd6c6d4f43c911
SHA512: 157d96457be90d25ea74cd14dbb19a2da7efb46196f2a886ac39531ed8bd7bb1c9d0952e0908fdf7cece3e6c2717ea3c6a94ce56ea61ab402c15a5c488a49602
Static task
static1

Behavioral task
behavioral1
Sample: qmfXCa40rlkrbw8.exe
Resource: win7v20210408

Behavioral task
behavioral2
Sample: qmfXCa40rlkrbw8.exe
Resource: win10-en
Malware Config
Extracted
Family: agenttesla
Exfiltration URL (Telegram Bot API sendDocument endpoint): https://api.telegram.org/bot1840149904:AAF9D1mm8ZITxzSWfLFbRBfwFML1TyPoOMk/sendDocument
The bot<id>:<token> path segment is the attacker's Telegram bot token. The full URL is an indicator of compromise, but the token itself is a live credential for that bot and should be redacted before the report is shared.
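Added example, not part of the sandbox report or of any vendor's tooling: a small parser for the Telegram Bot API URL recovered from the agenttesla config above, which splits it into bot ID, token and method, produces a redacted form safe to share, and then hunts for the same pattern over a few constructed proxy log lines. The log format ("timestamp client verb url status"), the sample lines and the set of methods treated as exfiltration are assumptions made for the example; only the first URL is the one from the report.

```python
# Added example (not from the report): turn an extracted Telegram Bot API URL
# into indicators and hunt for that pattern in web proxy logs.
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Telegram Bot API paths have the shape /bot<bot_id>:<secret>/<method>.
BOT_PATH = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{20,})/(?P<method>[A-Za-z]+)$"
)

# Assumption: methods a stealer uses to push loot into a chat (sendDocument is
# the one in the extracted config; sendMessage is the text equivalent).
EXFIL_METHODS = {"sendDocument", "sendMessage"}


@dataclass(frozen=True)
class TelegramBotIndicator:
    host: str
    bot_id: str
    secret: str
    method: str

    @property
    def redacted_url(self) -> str:
        """The secret is the attacker's bot credential: keep only a short prefix."""
        return (
            f"https://{self.host}/bot{self.bot_id}:{self.secret[:4]}..."
            f"[redacted]/{self.method}"
        )


def parse_telegram_bot_url(url: str) -> Optional[TelegramBotIndicator]:
    """Return an indicator if url is a Telegram Bot API call, otherwise None."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or parts.hostname != "api.telegram.org":
        return None
    m = BOT_PATH.match(parts.path)
    if m is None:
        return None
    return TelegramBotIndicator(parts.hostname, m["bot_id"], m["secret"], m["method"])


# Constructed proxy log lines (hypothetical format, not real traffic):
# "<timestamp> <client ip> <http verb> <url> <status>".
SAMPLE_PROXY_LOG = """\
2021-09-15T08:41:02Z 10.0.0.15 GET https://www.microsoft.com/en-us/ 200
2021-09-15T08:41:09Z 10.0.0.15 POST https://api.telegram.org/bot1840149904:AAF9D1mm8ZITxzSWfLFbRBfwFML1TyPoOMk/sendDocument 200
2021-09-15T08:42:30Z 10.0.0.22 GET https://api.telegram.org/ 200
2021-09-15T08:43:11Z 10.0.0.31 POST https://api.telegram.org/bot123456789:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/sendMessage 200
"""

LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<verb>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def hunt_telegram_exfil(log_text: str) -> List[Tuple[str, str, TelegramBotIndicator]]:
    """Return (client, verb, indicator) for every line that hits a bot exfil method."""
    hits: List[Tuple[str, str, TelegramBotIndicator]] = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if m is None:
            continue
        ind = parse_telegram_bot_url(m["url"])
        if ind is None or ind.method not in EXFIL_METHODS:
            continue
        hits.append((m["client"], m["verb"], ind))
    return hits


if __name__ == "__main__":
    for client, verb, ind in hunt_telegram_exfil(SAMPLE_PROXY_LOG):
        print(f"{client} {verb} bot={ind.bot_id} method={ind.method} {ind.redacted_url}")
```

The URL path, and with it the bot token and method, is only visible where TLS is terminated (an inspecting proxy, the sandbox, or endpoint telemetry). Without that, only DNS and SNI for api.telegram.org are observable, which is a much weaker signal because Telegram is also legitimate traffic; in that case the hash indicators in the General section and the SetThreadContext behaviour are the better pivots.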
Targets
Target: qmfXCa40rlkrbw8.exe (same size and MD5/SHA1/SHA256/SHA512 as listed under General above)
Score: 10/10
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer, originally written in Visual Basic .NET.
AgentTesla Payload
Suspicious use of SetThreadContext (commonly a sign of process hollowing or thread hijacking: a payload is written into another process and the target thread's context is redirected to the injected code)