General
- Target: oc.exe
- Size: 752KB
- Sample: 211019-zbs68agdb6
- MD5: 88a1a6045eb862e7132372ca4b878b65
- SHA1: e59a5e2fecb6d1aa754a03be15d5b4d4085aba8d
- SHA256: 87e7172f434b6a013113600a3de424c566e9f8f63299ba0360664803f6245b3d
- SHA512: a1791ae05cf09378003884e3cc318e9b4cda867ce4ef26a6566e2d63cfb2e97537de7619fe18c85d1dee8b8f73bb08776db3d04136075b14e44c8a0178acb74b
Static task: static1
Behavioral task: behavioral1
- Sample: oc.exe
- Resource: win10-en-20210920
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: smtp.aivazibis.com
- Port: 587
- Username: [email protected]
- Password: l^svHAz9
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext