General
Target: 20211020 Copy of Customer transfer.exe
Size: 518KB
Sample: 211020-n4k6jahhek
MD5: 8c8822a2a0b6329a010fa758ee7f3504
SHA1: 387e696061c2cbd9c492e19dca1b5a427ef3eb82
SHA256: 608662439f0e1f66bdaf62c1e0167a4e9d51c7aeabc8367b94c0f0b88daf2bb2
SHA512: cc7078dab3f65ecf176c8fd0d0e88971e935fdde1267eb2720b481f54e531ffc49d6fabb4f713c61acaab4571efc5ab7f559e61c10a5ee458f25f225dca20b0d
Static task: static1
Behavioral task: behavioral1
Sample: 20211020 Copy of Customer transfer.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: 20211020 Copy of Customer transfer.exe
Resource: win10-en-20210920
Malware Config
Targets
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext