General
Target: URGENT QUOTATION.exe
Size: 508KB
Sample: 200731-yxm16la2ds
MD5: dea8833080c88a64a95c32da75770f3f
SHA1: 46634b02970ee3b2691c2c77cbd5b166e3c423ef
SHA256: 3da8fe1015271b37d118f7e35569efabc9565031c4b23e0f7e6cc5319ffb2087
SHA512: bd0319161d8d509158505acf41116c4d5bb7223eac086e460d4f804102e17a9c94b2778469d06d72e78ae457b3898eda4e12752d642a874f619de855790cc326
Static task: static1
Behavioral task: behavioral1
Sample: URGENT QUOTATION.exe
Resource: win7
Behavioral task: behavioral2
Sample: URGENT QUOTATION.exe
Resource: win10v200722
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: gamzyolowo@yandex.com
Password: chikaaka1
Targets
Target: URGENT QUOTATION.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext