General
Target: BL. NO. ANSMUNDAR3621.exe
Size: 705KB
Sample: 211023-bwtrgsgbek
MD5: 5e4930b37a31c65525ec4e308a67fb7e
SHA1: c598d2e034dd4d1e1266b8d0f047cfd629b56ab9
SHA256: a96249e0df2c88e2e047ad332ba7d2755dd6f390d39afc67de05ddfa8726e53f
SHA512: 86600dfb132d057a6f7fe4d644b8c3577ef83ed95e2986d4c2d3475c6af92db1eb7bb3ef6288b29b441e30443057c296838bb49e1980e0ed7dfafdff7a6968e4
Static task: static1
Behavioral task: behavioral1
Sample: BL. NO. ANSMUNDAR3621.exe
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: BL. NO. ANSMUNDAR3621.exe
Resource: win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.topfrozenfoodbrand.com
Port: 587
Username: webmaster@topfrozenfoodbrand.com
Password: Chukwudim28@
Targets
Target: BL. NO. ANSMUNDAR3621.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext