General
- Target: 1.exe
- Size: 475KB
- Sample: 211021-j6epbaaac8
- MD5: 63272d6116e99e0ba7f0576eae74b73f
- SHA1: d67eb4467ba29fda766d06f72e525e0f492744d6
- SHA256: 18835a65226f3e12ce4712f8c60afb32d1b87cc4938562e96ebdd87e9505807d
- SHA512: 3518a6f0dccd9e96008c70eda479fdb4da14784f090ab600fdb6a725648afbb972e7c69ab16c578dd5a2855c6217b7161f157de7048b3ff4f4eba434f1faa221
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 1.exe
  - Resource: win7-en-20210920

Behavioral task
- behavioral2
  - Sample: 1.exe
  - Resource: win10-en-20210920
Malware Config

Extracted: agenttesla
- Protocol: smtp
- Host: smtp.gailanz.com
- Port: 587
- Username: champ.zhu@gailanz.com
- Password: l0j@cL$9t}Zw
Targets
- Target: 1.exe
- Size: 475KB
- MD5: 63272d6116e99e0ba7f0576eae74b73f
- SHA1: d67eb4467ba29fda766d06f72e525e0f492744d6
- SHA256: 18835a65226f3e12ce4712f8c60afb32d1b87cc4938562e96ebdd87e9505807d
- SHA512: 3518a6f0dccd9e96008c70eda479fdb4da14784f090ab600fdb6a725648afbb972e7c69ab16c578dd5a2855c6217b7161f157de7048b3ff4f4eba434f1faa221
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext