General
Target: 02_extracted.exe
Size: 1.4MB
Sample: 200624-dy1hak6vse
MD5: aa6b21d6aba228278fbd1241622fcf58
SHA1: 989ebf5b8719cfc24f01168f21f4d1183bc476ad
SHA256: e149a102d8d46f836240231143538c91f2d4bf6f4dc37fbd3cc20d0813ddcdb8
SHA512: ccc4f4a07f4913d3a87822622e94b00510a481487b72a1621c0e587c9b31d56f2819f545d2a63456e79424ac2ec72bcd0ace8d6e63d1670bb508060c796b3426
Static task: static1
Behavioral task: behavioral1 (Sample: 02_extracted.exe, Resource: win7)
Behavioral task: behavioral2 (Sample: 02_extracted.exe, Resource: win10)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: flexo.verat.net
Port: 587
Username: olalekan@afc.rs
Password: lekan@123
Targets
Target: 02_extracted.exe
Size: 1.4MB
MD5: aa6b21d6aba228278fbd1241622fcf58
SHA1: 989ebf5b8719cfc24f01168f21f4d1183bc476ad
SHA256: e149a102d8d46f836240231143538c91f2d4bf6f4dc37fbd3cc20d0813ddcdb8
SHA512: ccc4f4a07f4913d3a87822622e94b00510a481487b72a1621c0e587c9b31d56f2819f545d2a63456e79424ac2ec72bcd0ace8d6e63d1670bb508060c796b3426
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops startup file
- Suspicious use of SetThreadContext