General
Target: 74b1d4959a1a4fc749e7e58ae8b6442013bd21bcda958bb4da852692baf678b0
Size: 580KB
Sample: 220521-nxzeksece3
MD5: 7aaef119b56d0811fd157833b5c8c88f
SHA1: 7d3fe126a93826e06530c7efcad6f7a6c626e287
SHA256: 74b1d4959a1a4fc749e7e58ae8b6442013bd21bcda958bb4da852692baf678b0
SHA512: 478df7b5bfcfc0b066d6fc3b8b8d98f1b1d61ae990d68a50e26118066f8283d4488c08f9070895e73c0930a2898465fa4b248415a90ccf6f79c5fc461f223736
Static task: static1
Behavioral task: behavioral1
Sample: long overdue statement (5).exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: long overdue statement (5).exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.blc.com.np
Port: 587
Username: norviceducation@blc.com.np
Password: bhuramal
Targets
Target: long overdue statement (5).exe
Size: 634KB
MD5: 84d9e5788b3eb0886e25add87470f9c7
SHA1: 46ea388b91d174f9d20c5df37718df0b4bdd166a
SHA256: 2791e882cf9c19fd8485165584afdccbeac1b7a5ae1781588ea02b7e5f856602
SHA512: 6453e8e91a14e3ad6e90c604105ca9ddb907e61729ff8c4178f5683f3e59b7201c84a10c63e78f699dd13e852eb0cb9a6c1d736b75385533c2ea67bb457dfd3e
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext