General
-
Target
7c997ad970ecdce19a66d96d27b62c25
-
Size
735KB
-
Sample
211108-rb5agshdaq
-
MD5
7c997ad970ecdce19a66d96d27b62c25
-
SHA1
51c297be002de80a44afbebfb6bbd9fb40b8828e
-
SHA256
e869d1cd3c3003c1d017c24aff43b4d4932d715f4a5e81e2d0ba8452e5ab2cfe
-
SHA512
cdc0c909c8f5de52578c7442d66ac2978e8a4df56eac0148df94d507371ae1134a6670abaaf4167deb7bd864e1f348d7f0d1a66ce7396c0f99528a348b95d6ca
Static task
static1
Behavioral task
behavioral1
Sample
7c997ad970ecdce19a66d96d27b62c25.exe
Resource
win7-en-20211104
Behavioral task
behavioral2
Sample
7c997ad970ecdce19a66d96d27b62c25.exe
Resource
win10-en-20211104
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: nnabuike2019@yandex.com
Password: Nnamdikanu
Targets
-
-
Target
7c997ad970ecdce19a66d96d27b62c25
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Executes dropped EXE
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-