General
- Target: a32e674bcf37839c6632ea98bbef365e935a342a1fe746a1658261dd86d65c21
- Size: 1.1MB
- Sample: 211025-jbtjzsfgc7
- MD5: 752fc005d190553303f64c0facf5b44c
- SHA1: 331165e04f47e13f5c331bb0b94c8b9e7b40850e
- SHA256: a32e674bcf37839c6632ea98bbef365e935a342a1fe746a1658261dd86d65c21
- SHA512: 57dcb98ca451053ade15e103bf0c3b44bb8158c375b11202e5995a39511f403817b09c75ac67b05f8d99ccd33690c429c43fc69e126f50a28ea883b0c0b88b07
Static task: static1
Behavioral task: behavioral1
- Sample: a32e674bcf37839c6632ea98bbef365e935a342a1fe746a1658261dd86d65c21.exe
- Resource: win10-en-20210920
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.xenonaslikno.gr
- Port: 587
- Username: [email protected]
- Password: Fox#UgJVGN#0X
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext