General
-
Target
c1b4b9ffcd81e9a4516400f9fc38a4d3.exe
-
Size
1.1MB
-
Sample
211019-scqn6aghgq
-
MD5
c1b4b9ffcd81e9a4516400f9fc38a4d3
-
SHA1
3605dec02e7f6480262eb5cae77ada772324bb2b
-
SHA256
4ed0b0474741e959230eb8a17efbc5e0db94fba7f46499596dd6359b4cf16637
-
SHA512
f7ff356b06b1eb2f9babc850727907748c50b5868a241a6b4746e92104d806c67b3034a73559a2ca0819c6e4b66e17e1bbcd856ba7ca4d16d3f283e827dd0c5e
Static task
static1
Behavioral task
behavioral1
Sample
c1b4b9ffcd81e9a4516400f9fc38a4d3.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
c1b4b9ffcd81e9a4516400f9fc38a4d3.exe
Resource
win10-en-20210920
Malware Config
Extracted
agenttesla
Protocol
smtp
Host
smtp.lko-import.de
Port
587
Username
[email protected]
Password
TVMHSiW5
Targets
-
-
Target
c1b4b9ffcd81e9a4516400f9fc38a4d3.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in .NET (originally Visual Basic .NET). It harvests credentials from browsers, mail and FTP clients and sends them to an attacker-controlled mailbox or server; the configuration extracted from this sample exfiltrates over SMTP to smtp.lko-import.de on port 587 using the credentials listed under Malware Config.
-
AgentTesla Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles (credential harvesting from the mail client)
-
Adds Run key to start application (persistence via a CurrentVersion\Run registry value)
-
Suspicious use of SetThreadContext (typical of process hollowing or code injection into a suspended process)
-
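The indicators above (the file hashes, the SMTP host and port from the extracted configuration, and the Run key persistence signature) can be turned into a small hunt over endpoint telemetry. The following is an added example written for this report, not output of the sandbox or code from the sample. The event records are constructed; their field names follow Sysmon conventions (Event ID 1 process create with a `Hashes` field, 3 network connect, 13 registry value set) but the dictionaries are an assumption for illustration, not a parser for a real log format. The registry value name `ExampleValue`, the SID and the file paths are placeholders.

```python
"""Hunt for this report's AgentTesla indicators in constructed Sysmon-style events.

Added example for this report; the events below are constructed and the
field layout is assumed (Sysmon-like), not taken from the sandbox output.
"""
from typing import Dict, List, Tuple

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "c1b4b9ffcd81e9a4516400f9fc38a4d3",
    "sha1": "3605dec02e7f6480262eb5cae77ada772324bb2b",
    "sha256": "4ed0b0474741e959230eb8a17efbc5e0db94fba7f46499596dd6359b4cf16637",
}
EXFIL_HOST = "smtp.lko-import.de"   # from the extracted SMTP config
EXFIL_PORT = 587                    # from the extracted SMTP config
RUN_KEY_FRAGMENT = "\\currentversion\\run\\"


def match_event(ev: Dict) -> List[str]:
    """Return the report indicators that one event matches (empty list if none)."""
    hits: List[str] = []
    eid = ev.get("EventID")
    if eid == 1:
        # Sysmon writes hashes as "MD5=...,SHA256=..."; compare case-insensitively.
        for part in ev.get("Hashes", "").split(","):
            algo, _, value = part.partition("=")
            algo = algo.strip().lower()
            if algo in IOC_HASHES and IOC_HASHES[algo] == value.strip().lower():
                hits.append(f"known sample hash ({algo.upper()})")
    elif eid == 3:
        host = ev.get("DestinationHostname", "").lower().rstrip(".")
        if host == EXFIL_HOST:
            port_note = ("expected port" if ev.get("DestinationPort") == EXFIL_PORT
                         else "unexpected port")
            hits.append(f"connection to AgentTesla SMTP exfil host ({port_note})")
        # Port 587 on its own is ordinary mail-submission traffic (Outlook, Thunderbird),
        # so it is deliberately not an indicator by itself.
    elif eid == 13:
        if RUN_KEY_FRAGMENT in ev.get("TargetObject", "").lower():
            hits.append("Run key persistence")
    return hits


def hunt(events: List[Dict]) -> List[Tuple[int, str]]:
    """Run match_event over a batch and return (RecordId, indicator) pairs."""
    return [(ev["RecordId"], hit) for ev in events for hit in match_event(ev)]


# Constructed events: three that should match this report, two benign ones that should not.
SAMPLE_PATH = r"C:\Users\victim\AppData\Local\Temp\c1b4b9ffcd81e9a4516400f9fc38a4d3.exe"
SAMPLE_EVENTS = [
    {"RecordId": 101, "EventID": 1, "Image": SAMPLE_PATH,
     "Hashes": "MD5=C1B4B9FFCD81E9A4516400F9FC38A4D3,"
               "SHA256=4ED0B0474741E959230EB8A17EFBC5E0DB94FBA7F46499596DD6359B4CF16637"},
    {"RecordId": 102, "EventID": 13, "Image": SAMPLE_PATH,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows"
                     r"\CurrentVersion\Run\ExampleValue"},
    {"RecordId": 103, "EventID": 3, "Image": SAMPLE_PATH,
     "DestinationHostname": "smtp.lko-import.de", "DestinationPort": 587},
    {"RecordId": 104, "EventID": 3,
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": 587},
    {"RecordId": 105, "EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "Hashes": "MD5=00000000000000000000000000000000"},
]

if __name__ == "__main__":
    for record_id, indicator in hunt(SAMPLE_EVENTS):
        print(f"record {record_id}: {indicator}")
```

The SetThreadContext signature is not covered here: process hollowing is not visible in process-create, network or registry events, and would need thread- or process-access telemetry (Sysmon Event IDs 8 and 10) or an EDR with API-level visibility.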