General

Target: ConsoleApp15.exe
Size: 140KB
Sample: 211025-s16qaagda3
MD5: 9c8282590f9bc40955ca14389309fe86
SHA1: 078e9d1dfbad7293f96040454778134a2d124e4a
SHA256: 2da74da0966fc748461e65e8e46d49f6fba1c50b3a7473df905205eec1fad3b9
SHA512: 91aaf688307b946eab0b07564caf07fb197101eacc64000e33c3346a977a2cfb8fbad9049f7fc21ddcd4e90ac6bafde2e1111749c89be19c5ab0503037b244c6
Static task: static1

Behavioral task: behavioral1
Sample: ConsoleApp15.exe
Resource: win7-en-20210920

Behavioral task: behavioral2
Sample: ConsoleApp15.exe
Resource: win10-en-20210920
Malware Config

Extracted family: agenttesla
Protocol: smtp
Host: mail.sinyar.com
Port: 587
Username: [email protected]
Password: Sin@254#Sa2
Targets

Target: ConsoleApp15.exe
Size: 140KB
MD5: 9c8282590f9bc40955ca14389309fe86
SHA1: 078e9d1dfbad7293f96040454778134a2d124e4a
SHA256: 2da74da0966fc748461e65e8e46d49f6fba1c50b3a7473df905205eec1fad3b9
SHA512: 91aaf688307b946eab0b07564caf07fb197101eacc64000e33c3346a977a2cfb8fbad9049f7fc21ddcd4e90ac6bafde2e1111749c89be19c5ab0503037b244c6
Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext