General
Target: Копија трансферног депозита 21_10_2021.exe
Size: 829KB
Sample: 211021-k8f6laaaf9
MD5: dd935f8a955277927e354112a64d5f0c
SHA1: 271e6ff9cc2c3c260ab548365f521e91e84ac702
SHA256: cb09a8409d25766f18a76c939c7c90ca8c437df5fb8a3289388487f686fe51e5
SHA512: 01e9ae0bbef8bf3e92cf9da6ebb1aa4d9895be171d6b94f11d4449a751c1d17f42eb77690ea24fb41994ba240d0d1ad352c64a9ee25d69489ff0d19a80645054
Static task: static1
Behavioral task: behavioral1
Sample: Копија трансферног депозита 21_10_2021.exe
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: Копија трансферног депозита 21_10_2021.exe
Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.acpl.net.in
Port: 587
Username: qcesd@acpl.net.in
Password: Hi~M)?*G~-Zd
Targets
Target: Копија трансферног депозита 21_10_2021.exe (size and hashes as listed under General)
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Executes dropped EXE
Loads dropped DLL
Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext