General
Target: order587458.exe
Size: 408KB
Sample: 200630-51qz86a8mx
MD5: f4305f4e50460977b0ff2431b9757439
SHA1: 17742bda937de344a656ac5b743456b466ad8e6b
SHA256: 4c72144a1bf6af1702d13a66880820fb987125f63216a40e627ad963b85eeb39
SHA512: b36d6a4ba3e98d398b4001862036fc1080ef52b7898bcec50fd2d0e43957aa7c44f3395e222bd1bec8b0cf95cdacac5e2b4d556535f42669f5c56a55e99fe3f7
Tasks
Static task: static1
Behavioral task: behavioral1 (Sample: order587458.exe, Resource: win7)
Behavioral task: behavioral2 (Sample: order587458.exe, Resource: win10)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: j.koskela@yandex.com
Password: voice5&&*489
These are the attacker's exfiltration mailbox credentials, not a victim account: Agent Tesla logs in to this SMTP submission server and mails the stolen data to itself. For detection, the host, port and username are the usable indicators; the password is only relevant for takedown or abuse reporting.
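The extracted config above is in the flattened "Key: value - Key: value" form the report uses. The following is an added example, not part of the sandbox report or the Agent Tesla sample: it parses that config text (copied from the report) into a structured record and then hunts for the exfiltration channel in a flow log. The flow log lines, the `MAIL_CLIENTS` allowlist and the process names other than order587458.exe are constructed for illustration. Because port 587 traffic is normally STARTTLS-wrapped, the hunt keys on destination host/port and on which process is talking SMTP, not on message content.

```python
"""Parse a Tria.ge-style Agent Tesla SMTP config and hunt for matching exfil flows.

Added example; not code from the sandbox or the malware. RAW_CONFIG is the
report's own text, SAMPLE_FLOWS and MAIL_CLIENTS are constructed assumptions.
"""
import re
from dataclasses import dataclass

# Config exactly as the report prints it (the first separator is glued to "smtp").
RAW_CONFIG = ("Protocol: smtp- Host: smtp.yandex.com - Port: 587 "
              "- Username: j.koskela@yandex.com - Password: voice5&&*489")


@dataclass(frozen=True)
class SmtpExfil:
    protocol: str
    host: str
    port: int
    username: str
    password: str


# "Key: value" pairs, each terminated by " - NextKey:" or end of string.
_FIELD = re.compile(r"(\w+):\s*(.*?)\s*(?=-\s*\w+:|$)")


def parse_config(raw: str) -> SmtpExfil:
    """Turn the flattened config line into a record; fail loudly on missing keys."""
    fields = dict(_FIELD.findall(raw))
    missing = {"Protocol", "Host", "Port", "Username", "Password"} - fields.keys()
    if missing:
        raise ValueError(f"config missing fields: {sorted(missing)}")
    return SmtpExfil(fields["Protocol"].lower(), fields["Host"].lower(),
                     int(fields["Port"]), fields["Username"], fields["Password"])


# Constructed flow records (not from the sandbox run):
# timestamp  process  source_ip  destination_host  destination_port
SAMPLE_FLOWS = """\
2020-06-30T12:00:01Z outlook.exe 10.0.0.5 outlook.office365.com 443
2020-06-30T12:00:09Z order587458.exe 10.0.0.5 smtp.yandex.com 587
2020-06-30T12:01:00Z thunderbird.exe 10.0.0.7 smtp.gmail.com 587
2020-06-30T12:02:00Z chrome.exe 10.0.0.5 yandex.com 443
2020-06-30T12:03:30Z update.exe 10.0.0.9 smtp.mail.com 465
"""

# Assumed allowlist of processes that legitimately speak SMTP from endpoints.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
SMTP_PORTS = {25, 465, 587}


def hunt(flow_text: str, c2: SmtpExfil) -> list[tuple[str, str, str]]:
    """Return (timestamp, process, reason) for flows worth triaging.

    Two tiers: an exact match on the extracted exfil host/port is a confirmed
    indicator; any other SMTP-port flow from a non-mail-client process is a
    weaker behavioural hit that catches the same family with a different mailbox.
    """
    hits = []
    for line in flow_text.splitlines():
        ts, proc, _src, host, port = line.split()
        port = int(port)
        if host.lower() == c2.host and port == c2.port:
            hits.append((ts, proc, "known Agent Tesla SMTP exfil host"))
        elif port in SMTP_PORTS and proc.lower() not in MAIL_CLIENTS:
            hits.append((ts, proc, "SMTP from non-mail-client process"))
    return hits


if __name__ == "__main__":
    c2 = parse_config(RAW_CONFIG)
    print(f"exfil via {c2.protocol}://{c2.host}:{c2.port} as {c2.username}")
    for ts, proc, why in hunt(SAMPLE_FLOWS, c2):
        print(f"{ts}  {proc:<20} {why}")
```

The second tier deliberately ignores the destination: once a mailbox is burned the operator rotates it, so the durable signal is "something that is not a mail client authenticates to a public SMTP submission port". Tune `MAIL_CLIENTS` to your estate before trusting that tier.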
Targets
Target: order587458.exe (408KB; MD5, SHA1, SHA256 and SHA512 as listed under General above)
Score: 10/10
Signatures:
AgentTesla: Agent Tesla is a .NET-based information stealer and remote access tool (RAT). It harvests saved credentials, keystrokes and clipboard data and sends them to an attacker-controlled mailbox, here over SMTP as shown in the extracted config.
AgentTesla Payload: the unpacked Agent Tesla payload was recognised during the run; the extracted config above comes from that payload.
Suspicious use of SetThreadContext: rewriting the context of a thread in a process created suspended is the classic process-hollowing step (write the payload into the suspended process, point its main thread at the new entry point, resume). This is consistent with a packer unpacking the Agent Tesla payload into another process, so memory of the child process, not the on-disk sample, is where the payload should be carved from.