General
Target: 0b98910cd666d6c596b28611acb69f06ba1fee9bcc8af37103772ee1db7dd167
Size: 417KB
Sample: 220521-bcdk6abfg2
MD5: ceb804a39d1a275f7799282441068991
SHA1: b1ea418b0444c4b3b78a249527bf2d7abca850cc
SHA256: 0b98910cd666d6c596b28611acb69f06ba1fee9bcc8af37103772ee1db7dd167
SHA512: 2e713aee3e9937ad37016d58253045c91c6c5259bb80d524b7580ca4ce4f5fa4516c668836b0366d9271daeaa2a5a4796b3a442ef0f3eeb710a9d157d4e1b1ad
Static task: static1
Behavioral task: behavioral1
Sample: GSO-1367-27072020112017.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: GSO-1367-27072020112017.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: %kHFH^!4
Targets
Target: GSO-1367-27072020112017.exe
Size: 611KB
MD5: 2d04103bda6d755fd47c94d6773574c1
SHA1: 41cc7cde2fff3f79a7124545e5a449bd42db4e14
SHA256: 8f93c794e02fbd006a5a7d2f929042819d7d5666ccb976ff248eef4dc6d2591e
SHA512: feb803979827b575b40b73710164cb2be368cf5800e253b1260f1afbf0eaf21b6dcb95456b1857ef7d4101dd6917a43362427bfe43765b242659958048c10e8d
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext