General
-
Target
Doc-CS3.rar
-
Size
516KB
-
Sample
211014-fnbm6agahj
-
MD5
056bf6e26a5642bfba7d4467d929eb92
-
SHA1
963b34cef3e144d10643a935114e6e1645fd971b
-
SHA256
16d82530ebe9491a76946b33ca441bf9f61bb5cc4404611746775a3157e7bd43
-
SHA512
01ad2421cd17d1537a26e59b2bddc309da30d3abec6d2ac3af7302532b33c4b983bce0e1d710641da3badeaec629284b6a25651ffffe6c964ffec3c0e0dcd569
Static task
static1
Behavioral task
behavioral1
Sample
Doc-CS3.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
Doc-CS3.exe
Resource
win10-en-20210920
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.alraedsecurity.com
Port: 587
Username: tauseef@alraedsecurity.com
Password: Alraed99pass@
Targets
-
Target
Doc-CS3.exe
-
Size
548KB
-
MD5
c9fa29e6e303450e5c9890518d27ebfa
-
SHA1
314d358046143e4d4dd88e3d7dc0db9e9b999947
-
SHA256
be91eb148b36528adb2b49362c50a099cf0cfbf5f1d5bd18ce88751b3c779ae6
-
SHA512
a634a6657ae92b28cbb6896c92cdaa5be866f12d5106523bb8363e290dbebfea0381cf08d1f7ec93a1d127ba551b2e80170383fee5f2a57bd3030e3da1aaedca
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-