General
-
Target
BL DRAFT COPY.zip
-
Size
392KB
-
Sample
211201-jpvdfaagdp
-
MD5
b7cfce8a4af0c9486b414749d56501bd
-
SHA1
b5e9f8f9ab3f6b8e42900d00391a7963ab6b27fd
-
SHA256
a2a7b118f19ec3c310046dc91adb960de63d224978e76a80028360614b0a89cc
-
SHA512
28558121c47f1d8bdacf331e91500ce1de5548c1e89d966ae2006e62879a44c4b6d02f210dbd9898f98ab16ec6d5b1e7813841b07f0cb2fd863f84d0e2d94eab
Static task
static1
Behavioral task
behavioral1
Sample
BL DRAFT COPY.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
BL DRAFT COPY.exe
Resource
win10-en-20211104
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.khawambros.com - Port:
587 - Username:
[email protected] - Password:
1EJRh0xnEN549JSbdZHz
Targets
-
-
Target
BL DRAFT COPY.exe
-
Size
513KB
-
MD5
e6724029c9afbedfb3444b1376009152
-
SHA1
a492738237fe510c57b792353971865974a9c0c3
-
SHA256
0e1520040239e949acaed29e68fb90f58d5dbf757f3b3abe5727cad2c35e470c
-
SHA512
09fe868d9c3448e0f9a9a04133109517f15c4e3b05e0c3b7c8f143d6c3af2b7a36246a429da731d2d1784f3ccb2edde3e45b6a90d107a9c684420d7f84f5066d
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-