General
-
Target
2abf2a8978d75c05076b1b55593d4c619ff6fcb92146340d72f76aa9e8bed47c
-
Size
418KB
-
Sample
211018-gjq3qadbc6
-
MD5
4be25332520b26fccaf19093613142a8
-
SHA1
33c32233015f2621f62c060f2f343e19484bbbda
-
SHA256
2abf2a8978d75c05076b1b55593d4c619ff6fcb92146340d72f76aa9e8bed47c
-
SHA512
b59e75fd695e3eb5404a14bb995a65757653818c106e81adfdadab82948aa79a412b001b5f4b99dc2e7ede03a56ee7d5ac8dae79ec37b10185b32a2f4efc8bd3
Static task
static1
Behavioral task
behavioral1
Sample
2abf2a8978d75c05076b1b55593d4c619ff6fcb92146340d72f76aa9e8bed47c.exe
Resource
win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.lko-import.de - Port:
587 - Username:
[email protected] - Password:
TVMHSiW5
Targets
-
-
Target
2abf2a8978d75c05076b1b55593d4c619ff6fcb92146340d72f76aa9e8bed47c
-
Size
418KB
-
MD5
4be25332520b26fccaf19093613142a8
-
SHA1
33c32233015f2621f62c060f2f343e19484bbbda
-
SHA256
2abf2a8978d75c05076b1b55593d4c619ff6fcb92146340d72f76aa9e8bed47c
-
SHA512
b59e75fd695e3eb5404a14bb995a65757653818c106e81adfdadab82948aa79a412b001b5f4b99dc2e7ede03a56ee7d5ac8dae79ec37b10185b32a2f4efc8bd3
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-