General
Target
SecuriteInfo.com.Win32.32289.26241
Size
511KB
Sample
210223-7k5jyhqhg2
MD5
c59f71a02c13a01d95bf37c095895748
SHA1
59c60b6a90cec4676afcc55a1397409e9d54b792
SHA256
983c358590898925db49d1d6a731b54d37c76760267664be45a7dc00646cff60
SHA512
f3ce51dfaefb5ca303c9facf646581af0ca7e823a0bc1f13bbd927a394ba701a82a5d188726fb6c6471928d1d2469b499654520fb5eadf264f8d0b49cd5059a0
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.32289.26241.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.32289.26241.exe
Resource
win10v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: jason.samtani@rxcleco.com
Password: @Mexico1.,
Targets
Target
SecuriteInfo.com.Win32.32289.26241
Score
10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext