General
Target: TNT DOCUMENT.exe
Size: 507KB
Sample: 200731-trgckacx9s
MD5: 75149b45dbd194d67dd279d0b322bdf8
SHA1: 074f248b7f169d44b31dd38a348fdf08e5bad6a3
SHA256: f61ea2b82ddad99865b46c4a79b1f0e54c7ed82389fc3bbe5e346310b47f6355
SHA512: 5bfe7bc12f36d56eb92e7eb85229e1fd7f31503f7a25c23dd33529d77ba94d47a3110f188ce979dfaaaaefbb38b39aa73ccd7ee322569decf6c4a40e4300e31f
Static task: static1
Behavioral task: behavioral1
Sample: TNT DOCUMENT.exe
Resource: win7v200722
Behavioral task: behavioral2
Sample: TNT DOCUMENT.exe
Resource: win10v200722
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: gamzyolowo@yandex.com
Password: chikaaka1
Targets
Target: TNT DOCUMENT.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext