General
Target: 4a9c536d.exe
Size: 742KB
Sample: 211023-jr9wxadbcr
MD5: 9d4223f3d591d637560cab84f1423256
SHA1: be4ccc37f91857a0f8f3fc88934f5788ce48ff2c
SHA256: 4a9c536d52f1f4f5c386866c763ecf23089fe4133da7894a04f3b14c624c87d7
SHA512: 2dd55308a438c12a0b93b35d8877260055484a1fae30a61e3c550113c5c96c835214c5166972e4b16434dfe478f35213bef7deb365be4cf3ada62dfb4c56850a
Static task: static1
Behavioral task: behavioral1
  Sample: 4a9c536d.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: 4a9c536d.exe
  Resource: win10-en-20211014
Malware Config
Extracted family: agenttesla
Protocol: smtp
Host: mail.italfood.ae
Port: 587
Username: admin@italfood.ae
Password: aDmin@IT$732
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures:
- AgentTesla payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext