General
Target: Curriculum Vitae Milani.zip
Size: 627KB
Sample: 211019-vs3prsgca3
MD5: d87031e3437b195bdd7ccb000758a7c8
SHA1: 1d198baf33f802025d7c10ac8a11836115201d0c
SHA256: cc45c999c8c450e4e9d7d9e40e79551e491ebdf849e147ec40ee8941c7dd9a8c
SHA512: 2c90ae5c08c85e1323328d1a58e7745141fca8a2a80908a1797bb08a167d49f34c0bf54da11192d3ad679e65b0543643d0c5c1c27ffca52898f2ab05e963c6ae
Static task: static1
Behavioral task: behavioral1
Sample: IfF08zoTKQNagy0.exe
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: IfF08zoTKQNagy0.exe
Resource: win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.aishaautornation.com
Port: 587
Username: [email protected]
Password: wOT@BBp9
Targets
Target: IfF08zoTKQNagy0.exe
Size: 1.5MB
MD5: 3289887c78f204985e5c13dd8936a9db
SHA1: dc66455dce4e80743545b3ea402e8e0f8c3ecc10
SHA256: 62c3cafccdb3fcf9eaabbb2c6802bbd3c9bdba93a5fbf0f1ac9061a0e8023016
SHA512: 642daaec4c3c42201ca391512c1c41a5b3ae9d142a664f7b2638179a59298b1b774796eced15d81057865bef4a4ff4e0712cc8975c2e53523fe7f25e6b1d32af
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext