General
Target: JEA_6789054.exe
Size: 1.4MB
Sample: 200624-eyyg911xv6
MD5: 7cd324d4ea008f7c5bad83233a011418
SHA1: 34626f22de92b292d06f5cb4a44f18a9d55abeac
SHA256: 77761e8530f70e653145a4736b03cc88abe3be089fbc2fec3eb294f4dc952377
SHA512: 9c5dc1f53da4a5d5d66825f03b09064ca49b9aa130050f82a60d29f6c64a166c8abe1077fc30c5e9b006b56f5fe59d60ff108aa1423a63f4acf03cc1bf6204b2
Static task: static1
Behavioral task: behavioral1
  Sample: JEA_6789054.exe
  Resource: win7v200430
Behavioral task: behavioral2
  Sample: JEA_6789054.exe
  Resource: win10
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: barry@haulifeng.net
Password: $WgsN%^7
Targets
Target: JEA_6789054.exe
Size: 1.4MB
MD5: 7cd324d4ea008f7c5bad83233a011418
SHA1: 34626f22de92b292d06f5cb4a44f18a9d55abeac
SHA256: 77761e8530f70e653145a4736b03cc88abe3be089fbc2fec3eb294f4dc952377
SHA512: 9c5dc1f53da4a5d5d66825f03b09064ca49b9aa130050f82a60d29f6c64a166c8abe1077fc30c5e9b006b56f5fe59d60ff108aa1423a63f4acf03cc1bf6204b2
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops startup file
- Suspicious use of SetThreadContext