General
Target: POINQUIRYRFQ676889.exe
Size: 561KB
Sample: 210915-hvcvxaaae9
MD5: 53b0c3e53c10c0218e7cb62bec4f15c6
SHA1: b84d64fda9b2dc8eec7e7d2da47a38a8d43b4ed1
SHA256: d18a2a92ede457f61ce8bbf06fe5efa80cd086926cf32641326089e9da49de1b
SHA512: c07b80d92e60e31f2fc86184d647d4cec5c5ef6129eae59380a0fba5614ef8fc595212364da1f2a19ab86c035cce63d0e5104f8094ffacee8d3cd65cb76f6d2c
Static task: static1
Behavioral task: behavioral1
Sample: POINQUIRYRFQ676889.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: POINQUIRYRFQ676889.exe
Resource: win10-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.bonfigliolli.com
Port: 587
Username: echezona@bonfigliolli.com
Password: ^vccXHY6
Targets
Target: POINQUIRYRFQ676889.exe
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext