General

Target: 70654 SSEBACT.exe
Size: 425KB
Sample: 211020-mst4maghd6
MD5: d091b52256537e80e25c3f59918bf605
SHA1: e11c107fc1db49c3507f82a4cda09152933f1660
SHA256: e8bc8d3153a2c062963162ee1692fa67d84ddbb28bb4accc2673a99315f3068c
SHA512: 9b103b91dbb1092ac524cb76455d50fd32e24634e85d79a64fd28a232f7c504f2b63996449bf4940676d6ae9ba37dd6b3976a6ac2945678fbc637d52afccdfa5
Static task
static1

Behavioral task
behavioral1
Sample: 70654 SSEBACT.exe
Resource: win7-en-20210920

Behavioral task
behavioral2
Sample: 70654 SSEBACT.exe
Resource: win10-en-20211014
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.timsonlogisticske.com
Port: 587
Username: [email protected]
Password: timsam2015
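The extracted config above is an SMTP exfiltration account: the stealer mails harvested credentials to that mailbox, so the host, port and username are the indicators to hunt on, and the password is evidence rather than something to use. The following is an added example, not part of the sandbox report: it parses the flattened "Key: value - Key: value" config string exactly as printed on this page, derives indicators, and runs a small hunt over constructed DNS and connection log lines. The log format, the source hosts and the resolved addresses (203.0.113.77, 198.51.100.9, 52.7.1.20) are all constructed for the example; the username is kept as the page prints it.

```python
"""Added example (not from the sandbox report): turn the extracted AgentTesla
SMTP exfiltration config into indicators and hunt for matching DNS lookups and
outbound connections in constructed log lines."""
import re
from dataclasses import dataclass

# The config exactly as the report prints it, flattened onto one line.
RAW_CONFIG = (
    "Protocol: smtp- Host: mail.timsonlogisticske.com - Port: 587 - "
    "Username: [email protected] - Password: timsam2015"
)

FIELDS = ("Protocol", "Host", "Port", "Username", "Password")
# Each value runs until the next "- <Field>:" separator or end of string.
# The separator after "smtp" has no space before the dash, hence \s*.
FIELD_RE = re.compile(
    r"(%s):\s*(.*?)(?=\s*-\s*(?:%s):|$)" % ("|".join(FIELDS), "|".join(FIELDS))
)


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(raw: str) -> SmtpExfilConfig:
    """Parse the flattened 'Key: value - Key: value' string into fields."""
    found = {key: value.strip() for key, value in FIELD_RE.findall(raw)}
    missing = [f for f in FIELDS if f not in found]
    if missing:
        raise ValueError("config is missing fields: %s" % ", ".join(missing))
    return SmtpExfilConfig(
        protocol=found["Protocol"].lower(),
        host=found["Host"].lower(),
        port=int(found["Port"]),
        username=found["Username"],
        password=found["Password"],
    )


def indicators(cfg: SmtpExfilConfig) -> dict:
    """Network indicators worth blocking or alerting on. The password is
    deliberately left out: it is evidence, not something to act on."""
    return {"domain": cfg.host, "port": cfg.port,
            "protocol": cfg.protocol, "smtp_user": cfg.username}


# Constructed log lines (not from the report). Two record kinds:
#   "<ts> dns <src> query=<name> answer=<ip>"
#   "<ts> conn <src> <dst> <dport> <proto>"
SAMPLE_LOGS = [
    "2021-10-20T12:01:03Z conn 10.0.0.15 52.7.1.20 443 tcp",
    "2021-10-20T12:01:09Z dns 10.0.0.15 query=mail.timsonlogisticske.com answer=203.0.113.77",
    "2021-10-20T12:01:10Z conn 10.0.0.15 203.0.113.77 587 tcp",
    "2021-10-20T12:05:44Z conn 10.0.0.22 203.0.113.77 587 tcp",
    "2021-10-20T12:07:00Z conn 10.0.0.15 198.51.100.9 587 tcp",
]


def hunt(cfg: SmtpExfilConfig, log_lines) -> list:
    """Return (timestamp, source host, reason) for every line that touches the
    exfiltration host. Port 587 on its own is not an indicator (legitimate
    mail submission uses it), so connections are only flagged to addresses the
    exfil domain resolved to earlier in the log."""
    resolved = set()
    hits = []
    for line in log_lines:
        parts = line.split()
        ts, kind, src = parts[0], parts[1], parts[2]
        if kind == "dns":
            kv = dict(p.split("=", 1) for p in parts[3:])
            if kv.get("query", "").lower() == cfg.host:
                resolved.add(kv["answer"])
                hits.append((ts, src, "resolved exfil host %s -> %s"
                             % (cfg.host, kv["answer"])))
        elif kind == "conn":
            dst, dport = parts[3], int(parts[4])
            if dst in resolved and dport == cfg.port:
                hits.append((ts, src, "%s connection to exfil host %s:%d"
                             % (cfg.protocol, dst, dport)))
    return hits


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print(indicators(cfg))
    for hit in hunt(cfg, SAMPLE_LOGS):
        print(*hit)
```

On the constructed input this flags the DNS lookup from 10.0.0.15 and the two port-587 connections to the resolved address (a second host, 10.0.0.22, reaching the same mailbox server is the kind of pivot worth noticing), while the unrelated submission to 198.51.100.9 on 587 is left alone. The mailbox credentials should go to the provider's abuse contact, not into a client.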
Targets

Target: 70654 SSEBACT.exe
Size: 425KB
MD5: d091b52256537e80e25c3f59918bf605
SHA1: e11c107fc1db49c3507f82a4cda09152933f1660
SHA256: e8bc8d3153a2c062963162ee1692fa67d84ddbb28bb4accc2673a99315f3068c
SHA512: 9b103b91dbb1092ac524cb76455d50fd32e24634e85d79a64fd28a232f7c504f2b63996449bf4940676d6ae9ba37dd6b3976a6ac2945678fbc637d52afccdfa5
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer (keylogging, clipboard capture, and harvesting of browser, FTP and mail-client credentials), historically built in Visual Basic .NET and sold as commodity malware; exfiltration is typically over SMTP, FTP or HTTP, which matches the SMTP config extracted above.

AgentTesla Payload
Drops file in Drivers directory
Accesses Microsoft Outlook profiles (stored mail-profile credentials are a standard stealer target)
Adds Run key to start application (persistence under ...\Software\Microsoft\Windows\CurrentVersion\Run)
Suspicious use of SetThreadContext (consistent with process hollowing: the payload is written into a suspended process and its thread context redirected to it)
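Two of the behaviours listed above leave host-side telemetry that is easy to check for outside the sandbox. The following is an added example, not part of the report: it triages Sysmon-style event records for "Adds Run key to start application" (Sysmon Event ID 13, registry value set) and "Drops file in Drivers directory" (Sysmon Event ID 11, file create). Field names follow Sysmon's (Image, TargetObject, Details, TargetFilename); every record, path and SID below is constructed for the example, and the allow-list of images expected to write into the drivers directory is an assumption to tune per environment.

```python
"""Added example (not from the sandbox report): triage constructed Sysmon-style
events for two behaviours the report lists, 'Adds Run key to start application'
(Event ID 13) and 'Drops file in Drivers directory' (Event ID 11)."""
import re

RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Autostart entries that point into user-writable locations are what a
# commodity stealer leaves behind; vendor entries under Program Files are
# not flagged by this check.
USER_WRITABLE_RE = re.compile(
    r"[A-Z]:\\(Users|ProgramData)\\|\\Temp\\", re.IGNORECASE)
DRIVERS_DIR_RE = re.compile(
    r"^[A-Z]:\\Windows\\System32\\drivers\\", re.IGNORECASE)
# Assumed allow-list of system images expected to write into the drivers
# directory (constructed for the example; tune to the environment).
DRIVERS_WRITERS_OK = {
    r"c:\windows\system32\drvinst.exe",
    r"c:\windows\system32\svchost.exe",
}

# Constructed records (not from the report). The SID and paths are invented.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Roaming\updater.exe",
     "TargetObject": r"HKU\S-1-5-21-1000-2000-3000-1001\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "Details": r"C:\Users\victim\AppData\Roaming\updater.exe"},
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorAgent",
     "Details": r"C:\Program Files\Vendor\agent.exe"},
    {"EventID": 11, "Image": r"C:\Users\victim\AppData\Roaming\updater.exe",
     "TargetFilename": r"C:\Windows\System32\drivers\etc\hosts"},
    {"EventID": 11, "Image": r"C:\Windows\System32\drvinst.exe",
     "TargetFilename": r"C:\Windows\System32\drivers\vendor.sys"},
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Roaming\updater.exe",
     "CommandLine": r"C:\Users\victim\AppData\Roaming\updater.exe"},
]


def triage(events):
    """Return (image, signature name, target) for each matching event.
    Signature names are the ones used in the report above."""
    findings = []
    for ev in events:
        eid, image = ev["EventID"], ev["Image"]
        if eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            # Only flag autostart values whose target lives somewhere the
            # user can write; Details holds the value data (the launch path).
            if USER_WRITABLE_RE.search(ev.get("Details", "")):
                findings.append((image, "Adds Run key to start application",
                                 ev["TargetObject"]))
        elif eid == 11 and DRIVERS_DIR_RE.match(ev.get("TargetFilename", "")):
            if image.lower() not in DRIVERS_WRITERS_OK:
                findings.append((image, "Drops file in Drivers directory",
                                 ev["TargetFilename"]))
    return findings


if __name__ == "__main__":
    for image, signature, target in triage(SAMPLE_EVENTS):
        print("%-35s %-40s %s" % (signature, image, target))
```

On the constructed records only the two events from the AppData-resident binary are reported; the vendor installer's Run value and the driver written by drvinst.exe pass. The "Accesses Microsoft Outlook profiles" and "Suspicious use of SetThreadContext" behaviours are registry reads and an API call that Sysmon does not record directly, so they need API-level tracing or the sandbox itself rather than this kind of log check.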