General
Target: 003837828.exe
Size: 1.4MB
Sample: 200624-lez77jz6ae
MD5: 88c4d1dc3561ecc79ce1805006a46a03
SHA1: c7a4c9e513e22e9dcae05f5e25ccf3b96fb613b3
SHA256: a4ae21742866df21e5b94b11a9384eb72393c38a8d49fc9fa786298b3a406710
SHA512: c29dd21db6789c4de1132b6605be35f4e796cb0aa16cf0f8d7383f0eba49b55decf7cbf516b83b476724fde271a1617f4328cfbea7919acadb7f770cf3a0e432
Static task: static1
Behavioral task: behavioral1
Sample: 003837828.exe
Resource: win7
Behavioral task: behavioral2
Sample: 003837828.exe
Resource: win10
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.seagull.com.pk
Port: 587
Username: seagull@seagull.com.pk
Password: SyeD@1969
Targets
Target: 003837828.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Drops startup file
- Suspicious use of SetThreadContext