General
Target: a280f5f2bc4379a242017cb2199ff8ac.zip
Size: 497KB
Sample: 211201-3th1raghhk
MD5: 2dd21cc3161cff094dbef0e20f72a71e
SHA1: 0ee4b317265e20399448e5d85351414616fa5508
SHA256: b90de8fdccb57cc811183de7077002d1e23bad6fc0991b24ed150522f243e16c
SHA512: 427f6a248cd556beaff95639da67f495843f21fb1324a29c0a403e424498dae069bc7217a197ccc3f83cefb5c1c5c5527b6f5ed5907b93ba23fda944c9acca1b
Static task: static1
Behavioral task: behavioral1
  Sample: Obchodná faktúra.1-12-2021.exe
  Resource: win7-en-20211104
Behavioral task: behavioral2
  Sample: Obchodná faktúra.1-12-2021.exe
  Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.renovateme.gr
  Port: 587
  Username: [email protected]
  Password: playboy123@
Targets
Target: Obchodná faktúra.1-12-2021.exe
Size: 671KB
MD5: 3b75a68ee1d760c02018a9713749a308
SHA1: 4e7c21ac262daf128491a3536ee0465462f25d01
SHA256: a4d3d2100382df9f112a4c56a6487e3d7553e93f1bc819f5241a51364968ed9e
SHA512: 223037e55a2ef0498e0821f69af321519d4ab9ee74178485320a37617ab3df6967a663d6b2e9439d9a49cc6d486446ab314808e86d325226d0ea9f3ec9106822
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext