General
-
Target
97ed6cddaa33543d22927f1aa6a2ec08.exe
-
Size
454KB
-
Sample
211019-sn192agah6
-
MD5
97ed6cddaa33543d22927f1aa6a2ec08
-
SHA1
783ce0789f76af8cf1acda0cfb8b5e3b723f35a1
-
SHA256
9a9afba677dbf0bc1414700a609a6a4145e4bb2d07f4d4d672e34b2209a72f5c
-
SHA512
5fee374e467e98ba352a22633923fac6941cf63b514e07a20ba62981bf8805a3a2b4dbc33e1ef68c2ef7775848e98299310b772854b4cd7cde8fb66b634b7705
Static task
static1
Behavioral task
behavioral1
Sample
97ed6cddaa33543d22927f1aa6a2ec08.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
97ed6cddaa33543d22927f1aa6a2ec08.exe
Resource
win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.croatiahunt.com
Port: 587
Username: [email protected]
Password: VilaVrgade852
Targets
-
Target
97ed6cddaa33543d22927f1aa6a2ec08.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext