General
-
Target
675899234.pdf.iso
-
Size
1.2MB
-
Sample
211022-ee4f5sbah9
-
MD5
0f6a790cdd86fce0f9480cb9cd192539
-
SHA1
22f825c7048b23a550553f77da5558c03381157f
-
SHA256
e3ca8c3d4b4af1e4b6f957ed75b7378cb955519f9523aa03741aaa606312a183
-
SHA512
eef19654b95836c1f1562046ed7d115f1f434066215c6824c5febe9b99549bce9387d41190dcef8e1ee54356e56750ec7a8f7d4a3c5e82bd1debb5cf5f01ea8b
Static task
static1
Behavioral task
behavioral1
Sample
67589923.EXE
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
67589923.EXE
Resource
win10-en-20210920
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
webmail.vector-kl.com - Port:
587 - Username:
amin@vector-kl.com - Password:
AminVectorKL202)
Targets
-
-
Target
67589923.EXE
-
Size
594KB
-
MD5
9f7e59995263b92231ca69911bc9d20e
-
SHA1
a79d7e3f0a49ec5324d8631d41f46a833d3a520e
-
SHA256
3e8eb7a331ed3b1699d2138aecfa519cb744b9eccb52909420d3d3bed9a3ca05
-
SHA512
b9a1c3d87ad255ec7baa65665ac1b6004a737f0e411b89d38b8f8a796bbc9b882010fed2b4fec5b5b39f49dfc65718caafdcf569030d04d971631617c5a179e8
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-