General
Target: 7ca0541b.exe
Size: 783KB
Sample: 211023-j1bepscbg4
MD5: c76f187107bee1ce2df352b05e630356
SHA1: 2c4e9462828e90573965ea02efc1b22d4020cbe8
SHA256: 7ca0541b2df62e8b9e2b7b81f0c151f93a9c630d3c31252856932a4a824d3100
SHA512: 47db99c394dcf9ebd29d5e9058ef34e40bd09163de4473231aad48f3e6326954a8f11442d482e23c89e731bdfd3974f0aad17e3aaacbaca77730997f27851d3a
Static task: static1
Behavioral task: behavioral1
Sample: 7ca0541b.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: 7ca0541b.exe
Resource: win10-en-20210920
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.electronmash.com
Port: 587
Username: [email protected]
Password: Zanzibar2018
Targets
Target: 7ca0541b.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext