General
-
Target
975b9c5518e9839fd0c6ee927370edf2
-
Size
393KB
-
Sample
211020-h7s3naggb3
-
MD5
975b9c5518e9839fd0c6ee927370edf2
-
SHA1
ffbb62338e71abd66194f617987384709695576f
-
SHA256
00840aafbfed2ff9e6eb973b88a44763482c97f88b1f073c2bb63d28c7405e1f
-
SHA512
db804a7b60810f8de0c947371f9bd1c480db4aca6c8d7fbde1932156e111811c4b16874a3fd8674e1df0ae0bf3c55928d85a557abf4510cc5d43300c50346e30
Static task
static1
Behavioral task
behavioral1
Sample
975b9c5518e9839fd0c6ee927370edf2.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
975b9c5518e9839fd0c6ee927370edf2.exe
Resource
win10-en-20210920
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: FocusYourSEF@123
Targets
-
Target
975b9c5518e9839fd0c6ee927370edf2
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext