General
- Target: EiQHjXTm0aKck3P.exe
- Size: 734KB
- Sample: 211019-l4jllaffc8
- MD5: fb3ba91147904673815403296b913d4c
- SHA1: 69659c7484b5221d0c64ed7b55aab636f61266f5
- SHA256: 2d23264cbb640e6d74b527f68ac05d12aea8647ccdeb6e592e5e399bf0f2fa57
- SHA512: cd4f7fa5e6ae6c2faff4fa030aa9791257042d24cf67c7ff9497029e8ae803e14ddd73d655d991b4ef3b04fecb6b12f253466a9be21e32288a593b147935108c
Static task: static1
Behavioral task: behavioral1
  Sample: EiQHjXTm0aKck3P.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: EiQHjXTm0aKck3P.exe
  Resource: win10-en-20210920
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: smtp.hoteltalabart.cat
- Port: 587
- Username: [email protected]
- Password: Jackdaniels_1
Targets
- Target: EiQHjXTm0aKck3P.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext