General
Target: SKM-492529641769427.exe
Size: 280KB
Sample: 211021-nc5qvsbafm
MD5: cfe10af037457a861e4d9d961833934d
SHA1: f18ba9fda50f44e59773b5a5d2bd9914bba2dfd9
SHA256: ef2833e4a9105c4bc75c7eb02d8acf6daf867f1806ca5df324266d53d6127a47
SHA512: 2235ee924b26cf257805bada6f5a7f9dc3b9ddea14345c8da32fdd36a7543cadc10b13c361673e7b66df61751ae47cfe0a06ea7d31f572a637bb472c3c15828c
Static task: static1
Behavioral task: behavioral1
Sample: SKM-492529641769427.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: SKM-492529641769427.exe
Resource: win10-en-20210920
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot1900836728:AAEDyoYbBJwtt1EA4hdgRlGTN1cq760KPNU/sendDocument
Targets
Target: SKM-492529641769427.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext