General
- Target: c13206d0.exe
- Size: 949KB
- Sample: 211023-kb5gxscbh6
- MD5: ca30044b80c7eb142fdb58d35199dee1
- SHA1: d985cd5a87ce17612fab903b934caf86447115c2
- SHA256: c13206d017b7aab500f5d5e7800ff25c9c09fde13e83f6511d444d19fcebf528
- SHA512: a82bba62fcee4b9d72b57bc0f34933c068fd3b7ecfa3fe4579b0d4c8abbcfd3d2e4760f3c189f76b6901ffb526112d4dd1d1624ba7c7bba9e747bf1f38ca3449
Static task
- static1

Behavioral task
- behavioral1
  Sample: c13206d0.exe
  Resource: win7-en-20210920

Behavioral task
- behavioral2
  Sample: c13206d0.exe
  Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.dellvidi.com
- Port: 587
- Username: merchant2@dellvidi.com
- Password: merchant2####
Targets
- Target: c13206d0.exe
- Size: 949KB
- MD5: ca30044b80c7eb142fdb58d35199dee1
- SHA1: d985cd5a87ce17612fab903b934caf86447115c2
- SHA256: c13206d017b7aab500f5d5e7800ff25c9c09fde13e83f6511d444d19fcebf528
- SHA512: a82bba62fcee4b9d72b57bc0f34933c068fd3b7ecfa3fe4579b0d4c8abbcfd3d2e4760f3c189f76b6901ffb526112d4dd1d1624ba7c7bba9e747bf1f38ca3449
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext