General
Target: DOCUMENTS.exe
Size: 459KB
Sample: 201109-zq9l3rj19a
MD5: ab454b4f47b4848029dcc17081b020e5
SHA1: 455a51a8baaf8e200ad26868763d616bcba760de
SHA256: 33708f02e31c62d1b986589982e4e1c4f381089b67276d395a0e74c995a1e822
SHA512: e9f254a2ed7835a0b83553caab55347d99f51d7aeb4ee54fcfdc8dafc89a47feec9eb663d008f9ba40ee01b2e8f97c529cac3be4f282d863db07968a5f236a4a
Static task: static1
Behavioral task: behavioral1
Sample: DOCUMENTS.exe
Resource: win7v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: midnapore@mpjewellers.com
Password: mpjw2013
Targets
Target: DOCUMENTS.exe
Size: 459KB
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext