General
- Target: 7.exe
- Size: 742KB
- Sample: 211022-rkcxlabgb2
- MD5: 410c4edd367e20bd5e6b1ca597ed3ce3
- SHA1: 5eedafb2424eb9966bc68c895904973e288b2534
- SHA256: ea9ce0413066f2fd1d2bdfc77e652171cf9bfaf40c39f19cee47e3a1c3f34ed9
- SHA512: e725ed36f0e5daa1a997282489a78f0f3627e84734a98338c7379d6636f50c4cf49844dbdfc22b8538dd8e7f38d28f71e16cbbdb51d54fe0479dbc54053b115c
Static task: static1
Behavioral task: behavioral1
- Sample: 7.exe
- Resource: win7-en-20211014
Behavioral task: behavioral2
- Sample: 7.exe
- Resource: win10-en-20210920
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.bhgautopartes.com
- Port: 587
- Username: vedowhore@bhgautopartes.com
- Password: icui4cu2@@
Targets
- Target: 7.exe (size and hashes as listed under General)
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext