General
-
Target
67d11389f8d2c4dc8a0fd1cf62dec2aa.exe
-
Size
1.0MB
-
Sample
211025-jerjssggak
-
MD5
67d11389f8d2c4dc8a0fd1cf62dec2aa
-
SHA1
f0f1e579c6740b18855adc02bc8c800667648d9c
-
SHA256
f4b03241b05ab574499decb9f59ceabc87509849569c614df462a2fa92c6f4ad
-
SHA512
4bda7f26e015fca265d2b201351b93369d30ef4ab08e2d759ac29a67a485b62f723daf6ee570005ea42d4d2ea47e961ed8ae9c5383ac114e3aa5b9732c0d200e
Static task
static1
Behavioral task
behavioral1
Sample
67d11389f8d2c4dc8a0fd1cf62dec2aa.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
67d11389f8d2c4dc8a0fd1cf62dec2aa.exe
Resource
win10-en-20210920
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: smtp.lko-import.de
- Port: 587
- Username: [email protected]
- Password: TVMHSiW5
This is the mail account the implant uses to send harvested data out; treat the host and account as indicators to hunt and block, not as a mailbox to log into.
Targets
-
Target
67d11389f8d2c4dc8a0fd1cf62dec2aa.exe
-
Size
1.0MB
-
MD5
67d11389f8d2c4dc8a0fd1cf62dec2aa
-
SHA1
f0f1e579c6740b18855adc02bc8c800667648d9c
-
SHA256
f4b03241b05ab574499decb9f59ceabc87509849569c614df462a2fa92c6f4ad
-
SHA512
4bda7f26e015fca265d2b201351b93369d30ef4ab08e2d759ac29a67a485b62f723daf6ee570005ea42d4d2ea47e961ed8ae9c5383ac114e3aa5b9732c0d200e
-
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written for the .NET runtime (VB.NET); it sends harvested credentials and keystrokes out over SMTP, FTP, HTTP or Telegram, which is why the configuration extracted from this sample is a mail account.
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles (reads stored mail-account credentials, consistent with the stealer's credential-harvesting role)
- Adds Run key to start application (registry Run-key persistence, so the payload survives reboot)
- Suspicious use of SetThreadContext (typically the final step of process hollowing or thread hijacking, used to run the payload inside another process)