General
Target: Copy of BL.exe
Size: 441KB
Sample: 211023-ycdbqaddak
MD5: b6dc5b1776bdfef725e06a2819ea2a46
SHA1: 50160a225f9d033927c36c18e3f9af16d9ef2b20
SHA256: ad0ff625602de6d4903009ec06874aec6ed9eb99b670c3639c3e2579db242ffc
SHA512: aec6946392f00c504d76b960e1470f26d59f00a10d501a33b2a1cf45ff49240eddf4869093c3ea93b7597484f089853ac8ed4a289a1dc82bb2bdeea26ab7607a
Static task: static1
Behavioral task: behavioral1
  Sample: Copy of BL.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: Copy of BL.exe
  Resource: win10-en-20211014
Malware Config
Extracted family: agenttesla
  Protocol: smtp
  Host: us2.smtp.mailhostbox.com
  Port: 587
  Username: sales@xxltrucck.com
  Password: zxcvbnm12345
Targets
Target: Copy of BL.exe
Size: 441KB
MD5: b6dc5b1776bdfef725e06a2819ea2a46
SHA1: 50160a225f9d033927c36c18e3f9af16d9ef2b20
SHA256: ad0ff625602de6d4903009ec06874aec6ed9eb99b670c3639c3e2579db242ffc
SHA512: aec6946392f00c504d76b960e1470f26d59f00a10d501a33b2a1cf45ff49240eddf4869093c3ea93b7597484f089853ac8ed4a289a1dc82bb2bdeea26ab7607a
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext