General
- Target: afc61150b608932a24f875da798c1b169880dc22aa7758996e4c57da963fbe97
- Size: 836KB
- Sample: 211112-rtgxxadfc4
- MD5: daf84fefe9b9a1649218f09792fdc2c4
- SHA1: 6c4a99e7ee5f9f23e456260431aa28461b267dc0
- SHA256: afc61150b608932a24f875da798c1b169880dc22aa7758996e4c57da963fbe97
- SHA512: c655bd2c4321bc6892098803519ac80e3c7bc6b1ff7daef5ea6d23cb23cc69e16230c01f6f83aa0aef1ded80b411ad6a7b3e9a50f9818cc985a3e656efa8c7e3
Static task: static1
Behavioral task: behavioral1
- Sample: afc61150b608932a24f875da798c1b169880dc22aa7758996e4c57da963fbe97.exe
- Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.lawyerlex.es
- Port: 587
- Username: mcenteno@lawyerlex.es
- Password: 04092009
Targets
- Target: afc61150b608932a24f875da798c1b169880dc22aa7758996e4c57da963fbe97 (size and hashes as listed under General)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Executes dropped EXE
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext