General
Target: Curriculum Vitae.zip
Size: 375KB
Sample: 211019-vlwymsgbh6
MD5: f39ec69c004c02bb2a3fa9722c9b31dd
SHA1: 500495db7f2dd2dcbfd52b7a6452edda965195a3
SHA256: f88ec019aae2911745ec7982ec4205624b91b72b8c243f0ff70b43931b7f2ee5
SHA512: 05b1133648c69ee585c4aa5bc0d5d4605b17a3de4ab9dc5a33f3d8c605c81b11c68eedbb943e4edae59b29d751d4830a8c68539516ee7114f82ae4eb5d2ef554
Static task: static1
Behavioral task: behavioral1
Sample: Curriculum Vitae.exe
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: Curriculum Vitae.exe
Resource: win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.ofilsysterns.com
Port: 587
Username: [email protected]
Password: @o^M)K*1
Targets
Target: Curriculum Vitae.exe
Size: 401KB
MD5: e9a2e9f1ed8575797604981d5044e140
SHA1: 490c2170713f8aec885ae67f5e9dbce7dcba24a7
SHA256: 0283cabedfe0c400c64023384f84b80c7c289dd509f61b8aaded1d57ec61cab0
SHA512: 328a2e366c7d8b2bf01562b2a3917ce35e46ac720d07f62a3401a7b9251ce75c687b98083b995e3f22c08b2fc3697c653d85f98ef61656962fe142ca7caa3dd7
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext