General
Target: JEA_567432.exe
Size: 1.3MB
Sample: 200624-vr86sn2p62
MD5: 8611f136427ea738e84f352699d9d02d
SHA1: 40ab3916078fe48612287874753790bf57aaf0d8
SHA256: 014c63995ab8a581d36147558e3952078075055ccfd3fc3608c9601131b2ee37
SHA512: 1ba99eb64935cf7683cfdf6e8c054ad4466e196db653dfb0688d11fb1c1a5b0fabb6800f259dc4cf11d2fcce2989e2a4bba7c2c55b77cf8f217cb81c404b8fa2
Static task: static1
Behavioral task: behavioral1
  Sample: JEA_567432.exe
  Resource: win7
Behavioral task: behavioral2
  Sample: JEA_567432.exe
  Resource: win10v200430
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: goksal.sir@prosoftelektrik.com
Password: Wm^kN*!7
Targets
Target: JEA_567432.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops startup file
- Suspicious use of SetThreadContext