General
-
Target
#20JML643.exe
-
Size
943KB
-
Sample
211025-g928nsgfcm
-
MD5
22872f4d32c9801fcfe832fe3dcf0561
-
SHA1
6c7891c126cd3b230887f916b461f5c6ceb163a8
-
SHA256
361cfcc65ffe2112687ddd9fd49ad22102d4bb83aa9afb40b04a3531d852f95a
-
SHA512
38084e825f42f49a01147ccaf98cb1e1de4cfd5dbeb46277999992ce0b9f72fa93bb45fb668b4bf5c94aa84473326d60258cb7b982341b844a0ebb28e7425b8d
Static task
static1
Behavioral task
behavioral1
Sample
#20JML643.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
#20JML643.exe
Resource
win10-en-20210920
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.cabletraychina.com - Port:
587 - Username:
[email protected] - Password:
Jhdq2017#
Targets
-
-
Target
#20JML643.exe
-
Size
943KB
-
MD5
22872f4d32c9801fcfe832fe3dcf0561
-
SHA1
6c7891c126cd3b230887f916b461f5c6ceb163a8
-
SHA256
361cfcc65ffe2112687ddd9fd49ad22102d4bb83aa9afb40b04a3531d852f95a
-
SHA512
38084e825f42f49a01147ccaf98cb1e1de4cfd5dbeb46277999992ce0b9f72fa93bb45fb668b4bf5c94aa84473326d60258cb7b982341b844a0ebb28e7425b8d
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-