General
Target: 4171b0923b78c2e5322eea578d54937c
Size: 838KB
Sample ID: 211112-qb37radeb8
MD5: 4171b0923b78c2e5322eea578d54937c
SHA1: 00b56c6bceedce74486dead18b3e372054c25201
SHA256: 41b14ea85f14cfb7cc52427bb855a9512d3d26992c523ba496b5c8caa3e498c9
SHA512: 0f47859e32fdf48d15d8c9ae79d590bbbf463c6422a04dbfd9ddce485b1530d0016279dac86766100b3675333a700e15f20ee5df88bb04e3257a411aea2b01f9
Static task: static1
Behavioral task: behavioral1 (sample 4171b0923b78c2e5322eea578d54937c.exe, resource win7-en-20211104)
Behavioral task: behavioral2 (sample 4171b0923b78c2e5322eea578d54937c.exe, resource win10-en-20211014)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.lawyerlex.es
Port: 587
Username: mcenteno@lawyerlex.es
Password: 04092009
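The extracted SMTP exfiltration config above is directly usable as a set of network indicators. The following Python is added here as a worked example; it is not part of the sandbox report and not code from the malware. It parses the config block as shown on the page, derives the on-the-wire forms a defender can actually search for (the host, the host:port pair, and the base64 tokens an SMTP AUTH LOGIN exchange carries), and runs them over a few constructed log lines. The log format, the sample lines and all function names are assumptions of this example; only the values in EXTRACTED_CONFIG come from the report.

```python
"""Derive network indicators from the Agent Tesla SMTP exfiltration config
extracted in this report and match them against log lines.

Added example: not part of the sandbox report or the malware. The only values
taken from the page are in EXTRACTED_CONFIG; the log format, sample lines and
function names are assumptions of this example.
"""
import base64
import re

# Copied from the report's "Malware Config" block.
EXTRACTED_CONFIG = """\
Protocol: smtp
Host: mail.lawyerlex.es
Port: 587
Username: mcenteno@lawyerlex.es
Password: 04092009
"""


def parse_config(text):
    """Parse the 'Key: value' lines of an extracted config into a dict (lowercase keys)."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            cfg[key.strip().lower()] = value.strip()
    cfg["port"] = int(cfg["port"])
    return cfg


def b64(s):
    """Base64 form of a string, as SMTP AUTH LOGIN puts it on the wire."""
    return base64.b64encode(s.encode()).decode()


def build_indicators(cfg):
    """Map indicator name -> compiled regex.

    Agent Tesla's SMTP variant logs in with AUTH LOGIN, which sends the
    username and password as separate base64 lines, so the base64 forms are
    what an SMTP proxy log or packet capture contains, not the clear text.
    """
    host = re.escape(cfg["host"])
    return {
        "exfil_host": re.compile(r"\b" + host + r"\b", re.IGNORECASE),
        "exfil_host_port": re.compile(r"\b" + host + ":" + str(cfg["port"]) + r"\b", re.IGNORECASE),
        "smtp_auth_user_b64": re.compile(re.escape(b64(cfg["username"]))),
        "smtp_auth_pass_b64": re.compile(re.escape(b64(cfg["password"]))),
    }


def scan(lines, indicators):
    """Return (line_number, indicator_name, line) for every indicator hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        for name, rx in indicators.items():
            if rx.search(line):
                hits.append((n, name, line))
    return hits


# Constructed sample: firewall-style egress lines plus the client side of an
# SMTP AUTH LOGIN exchange as an SMTP proxy might log it. Not from the report.
SAMPLE_LOG = [
    "2021-11-12T09:14:03Z allow 10.0.0.21 -> smtp.office365.com:587 tcp",
    "2021-11-12T09:14:09Z allow 10.0.0.21 -> mail.lawyerlex.es:587 tcp",
    "2021-11-12T09:14:10Z smtp 10.0.0.21 C: AUTH LOGIN",
    "2021-11-12T09:14:10Z smtp 10.0.0.21 C: bWNlbnRlbm9AbGF3eWVybGV4LmVz",
    "2021-11-12T09:14:10Z smtp 10.0.0.21 C: MDQwOTIwMDk=",
    "2021-11-12T09:15:00Z allow 10.0.0.33 -> www.example.com:443 tcp",
    "2021-11-12T09:16:30Z allow 10.0.0.21 -> mail.lawyerlex.es:25 tcp",
]


def triage(lines=SAMPLE_LOG, config_text=EXTRACTED_CONFIG):
    """Parse the config, build indicators and scan the lines in one call."""
    return scan(lines, build_indicators(parse_config(config_text)))


if __name__ == "__main__":
    for n, name, line in triage():
        print(f"line {n}: {name}: {line}")
```

The host-only indicator is kept separate from host:port on purpose: the last sample line reaches the same mail server on port 25 and is still worth flagging, since the server, not the port, is what the extracted config ties to this sample. The base64 tokens give a second, content-level match for environments that log or capture SMTP dialogue, which also catches the account being reused by other samples with a different exfil host.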
Targets
Target: 4171b0923b78c2e5322eea578d54937c
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic .NET.
- AgentTesla payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Accesses Microsoft Outlook profiles (consistent with Agent Tesla harvesting stored mail client credentials)
- Suspicious use of SetThreadContext (commonly seen when a process injects into, or hollows, a newly created process)