General
-
Target
dffee586afef4a31d3d2719eab0633ab801a369bf78e49a20d2fe8627cf58a8c
-
Size
626KB
-
Sample
220521-ntm75shbhp
-
MD5
b65fc96ff3d6a8bd3185401dc129dc9f
-
SHA1
787e47816cf3c8f23f474b1ea0918057b55f39aa
-
SHA256
dffee586afef4a31d3d2719eab0633ab801a369bf78e49a20d2fe8627cf58a8c
-
SHA512
65aaa68e9dcc7d246afe4507f7b4658a284ebb409ead880c55ad685d087cf442994d16fa1ad1535ffcddacece57ecfb866b7face3ed226292d895cd143b07f1e
Static task
static1
Behavioral task
behavioral1
Sample
OPOOOO.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
OPOOOO.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.blc.com.np
Port: 587
Username: [email protected]
Password: bhuramal
Targets
-
-
Target
OPOOOO.exe
-
Size
716KB
-
MD5
0a7e892a684a0953f1aeee6135029021
-
SHA1
08db31eba73e088d28813bed7a1175b38a62c5f6
-
SHA256
25fc942b81a074fe6b40b2f817fb87d28a54949bf604e54c414c890a351b83e4
-
SHA512
514db6a241cfbbd94afe8acd049b32c99b10ffd46e52092def7735fec085a12fbf55b2b9dc4bdf8c79a60033bbefdca0f2346a9c0d713f33e3a465ec89abb465
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-