General
Target
b0a10bd27d48fea4e569797829057892
Size
861KB
Sample
210927-rwv8bahcdm
MD5
b0a10bd27d48fea4e569797829057892
SHA1
5909c3383e27a1c5e7edcadd5319b31d2813df12
SHA256
4e63cadd6aa91bc65755bd2b4035a3451cbc4854ed2817ac08941919f892f7e7
SHA512
76434b2b0731013ab311035f84986b9385ec2db89c178e74e7f7ec0987bbcfefebe4202756b50c922b30c5e69cc02c2bec4f92687b960cd299c5c4cb0521d290
Static task
static1
Behavioral task
behavioral1
Sample
b0a10bd27d48fea4e569797829057892.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
b0a10bd27d48fea4e569797829057892.exe
Resource
win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.airseaalliance.com
Port: 587
Username: admin@airseaalliance.com
Password: CIRcumFerted221
Targets
Target
b0a10bd27d48fea4e569797829057892
Score
10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext