General
Target: Remittance_Copy.exe
Size: 622KB
Sample: 210915-js9mjadcaj
MD5: 8a0568bcc84dd094d5d0f40d2fddaf19
SHA1: 430b42b9fc40e038c636df5bae9135c86aa941a7
SHA256: b8072fa4c996469237d87f00bf119f5f5f20b5dc120aea78c92c1230802af4a3
SHA512: 5fb79fbb2e589d55aa7be37da73f034d9918d61c9114100225e4908953a86137d691167ec5e93b76173a7684b41b9b342928cef6015bd3ed09bdced4074e6144
Static task: static1
Behavioral task: behavioral1
  Sample: Remittance_Copy.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: Remittance_Copy.exe
  Resource: win10-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.agrosolvent.com
Port: 587
Username: it@agrosolvent.com
Password: lifeline123
Targets
Target: Remittance_Copy.exe
Size: 622KB
MD5: 8a0568bcc84dd094d5d0f40d2fddaf19
SHA1: 430b42b9fc40e038c636df5bae9135c86aa941a7
SHA256: b8072fa4c996469237d87f00bf119f5f5f20b5dc120aea78c92c1230802af4a3
SHA512: 5fb79fbb2e589d55aa7be37da73f034d9918d61c9114100225e4908953a86137d691167ec5e93b76173a7684b41b9b342928cef6015bd3ed09bdced4074e6144
Score: 10/10
Signatures:
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext