General
Target: SecuriteInfo.com.Suspicious.Win32.Save.a.28039.22917
Size: 1.1MB
Sample: 211014-fkgd8sgbd8
MD5: 1d4cd528f28caed7af200d3e9dec8c77
SHA1: 4c6f45b6ea2db49d527a59125a77d6f2c6f3449b
SHA256: 1f00546f3179546bedf70b587ca495c763e3987e426b0a2ef69c707b29144209
SHA512: 02bedf550773630c0ef522a69df2eb451255a79cc94ef5fc0524929a548790e6f696440807534e2266377939a92759c7610c8bbe9ffab3afcd3c642f0dc97fd4
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Suspicious.Win32.Save.a.28039.22917.exe
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: SecuriteInfo.com.Suspicious.Win32.Save.a.28039.22917.exe
Resource: win10v20210408
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.enerzi.co
Port: 587
Username: sales@enerzi.co
Password: Enerzis@123!#
Targets
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Suspicious use of SetThreadContext