General
Target: zBHZhzCVMBLbH7M.exe
Size: 413KB
Sample: 211020-z413jahfb6
MD5: 93a8e8650c365c2bd5b1bc94d65d8c30
SHA1: 3790b9359c7eec1e1554401294171db53f1e304f
SHA256: 8ec9d184c60520182a56b81909dee589b1409da5d32962008c2134fbc735e357
SHA512: f48e08fa95448fe280953058d71b119c155655a934010f7b08be4611539ce7de94f710a4ca45cf5ec347597ce8cfa6ef2878976d4c055296391e6c57033e7ab0
Static task: static1
Behavioral task: behavioral1
Sample: zBHZhzCVMBLbH7M.exe
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: zBHZhzCVMBLbH7M.exe
Resource: win10-en-20210920
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: techorigin4560@gmail.com
Password: sayyes123
Targets
Target: zBHZhzCVMBLbH7M.exe
Size: 413KB
Family: AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures:
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext