General
Target: Order_4768945.exe
Size: 1.3MB
Sample: 200624-sn571qcy76
MD5: 25971cb7135f98d8c5d2856fe69e0979
SHA1: a4c3d67eed9f28d904f12a579bec88c3436e5009
SHA256: 888a23aef242f26dcfdbe6591715d698ad3b1ed16b8946b31ff7e44da3ddead3
SHA512: a611ae222c3e25b19c3747421ad36bd10da31b45b222ab57b87d81fdcd26ab0e82bf4b36d92c212f020f39911dd4ea3d602104e797cca1591e083c240eec0bac
Static task: static1
Behavioral task: behavioral1
Sample: Order_4768945.exe
Resource: win7
Behavioral task: behavioral2
Sample: Order_4768945.exe
Resource: win10v200430
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: export5@fufeng-grooup.com
Password: K$pbkEK0
Targets
Target: Order_4768945.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops startup file
- Suspicious use of SetThreadContext