General
-
Target
b063d4a9942d8b820ad62d2359d5263d.exe
-
Size
37KB
-
Sample
211014-gw2pzsgbfq
-
MD5
b063d4a9942d8b820ad62d2359d5263d
-
SHA1
ed42b11ac340a8b742ce61c2559b0154bcd75740
-
SHA256
25cb04e6ce30f98f9cad9aa1fab3682067d2fee08cc09fe7accf657b2df04a23
-
SHA512
a4890ca4489ca9ccf5271a957dee6e3e2bd9344189cb7096071b0d94fec007f623c83da614722b39229beaf5be1612d180767dc8110ef82262e7f7ae3e10623b
Static task
static1
Behavioral task
behavioral1
Sample
b063d4a9942d8b820ad62d2359d5263d.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
b063d4a9942d8b820ad62d2359d5263d.exe
Resource
win10-en-20210920
Malware Config
Extracted
agenttesla
Protocol
smtp
-
Host
mail.dpobumber.com
-
Port
587
-
Username
dpo23@dpobumber.com
-
Password
m~IzyO$8asT+
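The extracted SMTP configuration is the part of this report a defender acts on: the host, port and account are the indicators for the sample's exfiltration channel, while the mailbox password is the attacker's credential and is of no use for detection. The following is an added example, not part of the sandbox report or its tooling; it takes the indicators and hashes from the report above and runs them over a few constructed log lines (the client address 10.0.0.15, the destination 203.0.113.10, the hostname WS-15, the file name update.exe, the legitimate mail host smtp.example.net and the timestamps are all made up). Port 587 is deliberately treated as corroboration only, since it is the standard mail submission port and would otherwise flag every legitimate client.

```python
import re
from dataclasses import dataclass
from typing import List

# Exfiltration configuration as extracted by the sandbox (values from the
# report above). The mailbox password is deliberately not carried into the
# indicator set: it is the attacker's credential, not something to match on.
AGENTTESLA_CONFIG = {
    "protocol": "smtp",
    "host": "mail.dpobumber.com",
    "port": 587,
    "username": "dpo23@dpobumber.com",
}

# File hashes of the analysed sample, also taken from the report above.
SAMPLE_HASHES = {
    "md5": "b063d4a9942d8b820ad62d2359d5263d",
    "sha1": "ed42b11ac340a8b742ce61c2559b0154bcd75740",
    "sha256": "25cb04e6ce30f98f9cad9aa1fab3682067d2fee08cc09fe7accf657b2df04a23",
}


@dataclass
class Hit:
    line_no: int          # 1-based index of the matching log line
    reasons: List[str]    # which indicators matched on that line
    line: str


def classify_line(line: str, cfg=AGENTTESLA_CONFIG, hashes=SAMPLE_HASHES) -> List[str]:
    """Return the names of the indicators that match one log line.

    Host and account are matched case-insensitively; hashes are compared
    lower-case. The port is never an indicator on its own, because 587 is the
    standard submission port; it is only noted once another indicator matched.
    """
    lowered = line.lower()
    reasons: List[str] = []
    if str(cfg["host"]).lower() in lowered:
        reasons.append("c2-host")
    if str(cfg["username"]).lower() in lowered:
        reasons.append("c2-account")
    for algo, digest in hashes.items():
        if digest.lower() in lowered:
            reasons.append(f"sample-{algo}")
    if reasons and re.search(rf":{cfg['port']}\b", lowered):
        reasons.append("c2-port")
    return reasons


def scan_lines(lines: List[str], cfg=AGENTTESLA_CONFIG, hashes=SAMPLE_HASHES) -> List[Hit]:
    """Run classify_line over a whole log and collect every line with a match."""
    hits: List[Hit] = []
    for n, line in enumerate(lines, start=1):
        reasons = classify_line(line, cfg, hashes)
        if reasons:
            hits.append(Hit(n, reasons, line))
    return hits


# Constructed log lines for demonstration only: the client 10.0.0.15, the
# destination 203.0.113.10 (TEST-NET-3), WS-15, update.exe, smtp.example.net
# and the timestamps are invented; the indicators are the report's.
CONSTRUCTED_LOGS = [
    "2021-10-14T07:01:02Z dns client=10.0.0.15 query=mail.dpobumber.com type=A",
    "2021-10-14T07:01:03Z fw allow 10.0.0.15:51234 -> 203.0.113.10:587 proto=tcp",
    "2021-10-14T07:01:04Z smtp 10.0.0.15 -> mail.dpobumber.com:587 cmd=AUTH user=dpo23@dpobumber.com",
    "2021-10-14T07:01:05Z smtp 10.0.0.15 -> smtp.example.net:587 cmd=AUTH user=alice@example.org",
    "2021-10-14T07:01:06Z edr host=WS-15 file=C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe"
    " sha256=25cb04e6ce30f98f9cad9aa1fab3682067d2fee08cc09fe7accf657b2df04a23",
]

if __name__ == "__main__":
    for hit in scan_lines(CONSTRUCTED_LOGS):
        print(f"line {hit.line_no}: {', '.join(hit.reasons)}")
```

Run as a script it reports lines 1, 3 and 5: the DNS lookup of the exfiltration host, the authenticated SMTP session to it, and the file matching the sample's SHA256. The bare firewall entry to port 587 and the legitimate mail client on the same port produce no hit, which is the behaviour you want before turning this into a production rule.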
Targets
-
Target
b063d4a9942d8b820ad62d2359d5263d.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic; the configuration extracted above shows this sample exfiltrating over SMTP.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-