General
-
Target
a867bf2ac0805f9542092208284b3eb22fc9d2a73f90d08cdcabc794592cc578
-
Size
742KB
-
Sample
211108-nhw1xabhd3
-
MD5
9dcb608ed0cf8fcf1bf1b88b62b72b40
-
SHA1
adfa1855a0968d6db3463810cf9aa3b41ae470f3
-
SHA256
a867bf2ac0805f9542092208284b3eb22fc9d2a73f90d08cdcabc794592cc578
-
SHA512
96b51b503a6261e66f41a547c9c7082561d8fcae2871d084fb6473ae57f3f4aa206ae12eb69cfe13818a860d2beac5b4f123928017002b28404123861e054a60
Static task
static1
Behavioral task
behavioral1
Sample
a867bf2ac0805f9542092208284b3eb22fc9d2a73f90d08cdcabc794592cc578.exe
Resource
win10-en-20211104
Malware Config
Extracted
agenttesla
-
Protocol
smtp
-
Host
smtp.yandex.com
-
Port
587
-
Username
phantom1248@yandex.com
-
Password
newbeginning
Targets
-
Target
a867bf2ac0805f9542092208284b3eb22fc9d2a73f90d08cdcabc794592cc578
-
Size
742KB
-
MD5
9dcb608ed0cf8fcf1bf1b88b62b72b40
-
SHA1
adfa1855a0968d6db3463810cf9aa3b41ae470f3
-
SHA256
a867bf2ac0805f9542092208284b3eb22fc9d2a73f90d08cdcabc794592cc578
-
SHA512
96b51b503a6261e66f41a547c9c7082561d8fcae2871d084fb6473ae57f3f4aa206ae12eb69cfe13818a860d2beac5b4f123928017002b28404123861e054a60
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Executes dropped EXE
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext