General
Target: SlipMT103.exe
Size: 500KB
Sample: 211125-ve5bfabbg6
MD5: 5cbac1b17cef2bc95f5b18f87ec1de49
SHA1: 85d362c8463eaaf6c071414f741f32bd4cc51f0c
SHA256: 29291b4fb097c75dc3ecf4787a03175ec150319e9ab97a96b6084d1fe2dae2a5
SHA512: 418d44dc7f1fca6c718aa6b61f545723ecd969e57ca05564703eb820888847833d22ca805f934f62f9461f278092e78060289aca98ca2123da51c0d85ceba84d
Static task: static1
Behavioral task: behavioral1
Sample: SlipMT103.exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: SlipMT103.exe
Resource: win10-en-20211104
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.aquanova.es
Port: 587
Username: administracion@aquanova.es
Password: Aquaribe2419*
Targets
Target: SlipMT103.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext