General
-
Target
ADNOC DOCUMENTS.rar
-
Size
465KB
-
Sample
211019-jvqmfafdd3
-
MD5
37103341ec5b5776f9181b711c398c65
-
SHA1
0fe6c0cd7d4a00d87ee6b52b3cf9323ec79ced74
-
SHA256
741b738edb136abc66219d1ad8a4cbdbcc97f99d6ad85539a4881c39a0d62702
-
SHA512
e6b680ffeb3111334ca234d928bd9ebb392c3a35f305f94134b52d52b4d9cb859b6f9027e0a30606aa47cbe428d7b33a087eaf8cc4f07b81b81f6e9830e6f607
Static task
static1
Behavioral task
behavioral1
Sample
ADNOC DOCUMENTS.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
ADNOC DOCUMENTS.exe
Resource
win10-en-20210920
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: !xgapua3
Targets
-
Target
ADNOC DOCUMENTS.exe
-
Size
694KB
-
MD5
cb84e6082cec4afda05807eb8c5d62e9
-
SHA1
ca66b1a86f68e660c428aa46ca6d00c226e72503
-
SHA256
a965a0da37d19d72e2a468560846917d1e69d396f6622c77103a1c25b26c1100
-
SHA512
2a21d2b4d4a8652806a3d90b183a9a7d41740904314543e74a50765be80fc67ff2804349a454c99b347d0552cf1556195c9bb42ec47baade3e41741eaff922c4
-
AgentTesla
Agent Tesla is a .NET information stealer and remote access tool (RAT), originally written in Visual Basic .NET, that exfiltrates harvested credentials and keystrokes over channels such as SMTP.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-
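The extracted configuration above gives the exfiltration channel (SMTP submission to us2.smtp.mailhostbox.com on port 587) and the file hashes give the dropped-sample indicators. The following is an added example, not part of the sandbox report, of turning those two indicator types into a hunt: it matches outbound SMTP-submission connections against the C2 host, additionally flags port 587 traffic from any process that is not an allow-listed mail client (a generalisation beyond this one sample, since Agent Tesla builds commonly rotate the SMTP host but not the port), and matches file hashes against the report's SHA256 values. The log records and file inventory are constructed to resemble Sysmon Event ID 3 output and an EDR file listing; the `k=v|k=v` record format, the `MAIL_CLIENT_ALLOWLIST`, and every path in the samples are assumptions, not data from the sandbox run. Because the report's username field is obfuscated on this page, the check matches on host and port only.

```python
import hashlib
import ntpath

# Indicators taken from the report above.
IOC_SHA256 = {
    "741b738edb136abc66219d1ad8a4cbdbcc97f99d6ad85539a4881c39a0d62702": "ADNOC DOCUMENTS.rar",
    "a965a0da37d19d72e2a468560846917d1e69d396f6622c77103a1c25b26c1100": "ADNOC DOCUMENTS.exe",
}
C2_HOST = "us2.smtp.mailhostbox.com"
C2_PORT = 587

# Assumption: the only workstation processes expected to speak SMTP submission.
MAIL_CLIENT_ALLOWLIST = {"outlook.exe", "thunderbird.exe"}

# Constructed Sysmon-style records (EventID 3 = network connection); paths are invented.
CONSTRUCTED_NET_EVENTS = [
    r"EventID=3|Image=C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE|DestinationHostname=smtp.office365.com|DestinationPort=587",
    r"EventID=3|Image=C:\Users\victim\AppData\Local\Temp\ADNOC DOCUMENTS.exe|DestinationHostname=us2.smtp.mailhostbox.com|DestinationPort=587",
    r"EventID=3|Image=C:\Program Files\Google\Chrome\Application\chrome.exe|DestinationHostname=www.example.com|DestinationPort=443",
    r"EventID=1|Image=C:\Users\victim\Downloads\ADNOC DOCUMENTS.exe|CommandLine=ADNOC DOCUMENTS.exe",
    r"EventID=3|Image=C:\Users\victim\AppData\Roaming\svc.exe|DestinationHostname=mail.example.net|DestinationPort=587",
]

# Constructed EDR file inventory: path -> SHA256. One entry carries the report's hash
# (upper-cased to exercise normalisation); the other is a benign, freshly hashed blob.
CONSTRUCTED_INVENTORY = {
    r"C:\Users\victim\Downloads\ADNOC DOCUMENTS.rar": "741B738EDB136ABC66219D1AD8A4CBDBCC97F99D6AD85539A4881C39A0D62702",
    r"C:\Windows\System32\notepad.exe": hashlib.sha256(b"constructed benign content").hexdigest(),
}


def parse_event(line):
    """Split a 'key=value|key=value' record into a dict; values may themselves contain '='."""
    fields = {}
    for part in line.split("|"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key] = value
    return fields


def is_smtp_exfil(event):
    """True for an outbound SMTP-submission connection to the extracted C2 host,
    or for any port-587 connection from a process that is not an allow-listed mail client."""
    if event.get("EventID") != "3":
        return False
    if event.get("DestinationPort") != str(C2_PORT):
        return False
    image = ntpath.basename(event.get("Image", "")).lower()
    host = event.get("DestinationHostname", "").lower()
    return host == C2_HOST or image not in MAIL_CLIENT_ALLOWLIST


def match_hashes(inventory):
    """Return {path: ioc_name} for every inventory entry whose SHA256 is in the IOC set."""
    return {
        path: IOC_SHA256[digest.lower()]
        for path, digest in inventory.items()
        if digest.lower() in IOC_SHA256
    }


def hunt(net_lines, inventory):
    """Run both checks and return the offending process images and the matching files."""
    events = [parse_event(line) for line in net_lines]
    return {
        "network": [e["Image"] for e in events if is_smtp_exfil(e)],
        "files": match_hashes(inventory),
    }


if __name__ == "__main__":
    for kind, hits in hunt(CONSTRUCTED_NET_EVENTS, CONSTRUCTED_INVENTORY).items():
        print(kind, hits)
```

The SMTP credentials in the extracted config belong to an attacker-controlled mailbox: use them for blocking and abuse reporting, not for logging in. Egress-filtering port 587 to anything other than the organisation's own mail relay stops this whole family of exfiltration regardless of which mailhostbox.com node a given build uses.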