General
- Target: 0ba7fc9dbbaac148179236aedbb5193eba1506769f139c0fba91c2d211c0c7b0
- Size: 1002KB
- Sample: 211018-ly65psdch5
- MD5: c486642bfd8b58a3a417a77277412111
- SHA1: 71ef2fff00f5b2697189693f051b7671e55d1631
- SHA256: 0ba7fc9dbbaac148179236aedbb5193eba1506769f139c0fba91c2d211c0c7b0
- SHA512: 481b65dfd609245637a12ec01ead81ebffe92be3728b1fbda4662f272872c8df1da0b8423d6ae9f1c0f13b998440f921810a19fc1a85460d03cf227ab7cb0988
Static task: static1
Behavioral task: behavioral1
- Sample: 0ba7fc9dbbaac148179236aedbb5193eba1506769f139c0fba91c2d211c0c7b0.exe
- Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.lko-import.de
- Port: 587
- Username: [email protected]
- Password: TVMHSiW5
Targets
- Target: 0ba7fc9dbbaac148179236aedbb5193eba1506769f139c0fba91c2d211c0c7b0
- Size: 1002KB
- MD5: c486642bfd8b58a3a417a77277412111
- SHA1: 71ef2fff00f5b2697189693f051b7671e55d1631
- SHA256: 0ba7fc9dbbaac148179236aedbb5193eba1506769f139c0fba91c2d211c0c7b0
- SHA512: 481b65dfd609245637a12ec01ead81ebffe92be3728b1fbda4662f272872c8df1da0b8423d6ae9f1c0f13b998440f921810a19fc1a85460d03cf227ab7cb0988
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext