General
-
Target
21102021-0354674.scr
-
Size
518KB
-
Sample
211021-nrqkgsaca5
-
MD5
8dc7a88cf0ff7c60f2b8b63140982ae2
-
SHA1
5556bdde9767d411c94f46136a18434e1d0b33c0
-
SHA256
2416408f0c44630a0a34198b1f0cfcc39433230236cf8ab3e09ceba77a749467
-
SHA512
5e36248ec447eb6cba9080af198157c700c3e4f19693ebd1f97601db9809cb551b6cddcd9b766a0ec07c7479bf6c78529c1efbcc3c61c4a6a5cccc58bce99477
Static task
static1
Behavioral task
behavioral1
Sample
21102021-0354674.scr
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
21102021-0354674.scr
Resource
win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.tgxbd.com
Port: 587
Username: baki@tgxbd.com
Password: &Pn1gy,6JKRC
Targets
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-