General
Target: Docu_001220778003833_20102021.exe
Size: 831KB
Sample: 211022-n3fvesbeg7
MD5: a1f4d1ffb6dbcc768b27f7b9fc8ab0bc
SHA1: 843988c2715972c709d61afb101efd11f00be8ef
SHA256: 3da13730415f09c07260e029a2e36f2a9c92d9f85f86d0c2879659f28e2cf83a
SHA512: 4dd2cfd06accb0c4f49425304950baf79cea33d76fc8831cfa20c76a0e8cfd1a89ac623d6f3e13a146778fb8be516aa3425abfb760b544244f4af8e338afafb1
Static task: static1
Behavioral task: behavioral1
  Sample: Docu_001220778003833_20102021.exe
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: Docu_001220778003833_20102021.exe
  Resource: win10-en-20210920
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.acpl.net.in
Port: 587
Username: qcesd@acpl.net.in
Password: Hi~M)?*G~-Zd
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext