General
Target: 531af324.exe
Size: 500KB
Sample: 211023-js9mjacbf8
MD5: 2d556ef398f471f9c4a9eaa0577ae09d
SHA1: c0a2c971dc6ee872f00deb6410a575267ad5986e
SHA256: 531af3241354cb2bec2efc2281e3b094d962d8a1e887fa17c328766ba6096675
SHA512: 42e5a607770aa41e29906497c85108f7bee1f2f2e2438ba4444c51dcf3d222cec9fde1ab0b0e1927a796e54c8b34af4e5651ca9d40c2a11b363242fd21fb2bb2
Static task: static1
Behavioral task: behavioral1
Sample: 531af324.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: 531af324.exe
Resource: win10-en-20210920
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.tccinfaes.com
Port: 587
Username: margaridasantos@tccinfaes.com
Password: TccBps1427log
Targets
Target: 531af324.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext