General
- Target: LC000034-1-0093202111.exe
- Size: 773KB
- Sample: 211201-lmelbaece8
- MD5: a8698e16ca9ab18dc5103a319fa5a30e
- SHA1: ed242ef9fce45c21b4ed26ee9b6d925d3ecd2025
- SHA256: ee000e5f2819689da26186323df2277a71c6bc537e691e7141ec1da80c65ab80
- SHA512: 6f1515857c7d886d6574d330e896a5333acfce669fdf708407a030903df11039b2805aac20bb9cf5f9057bb7a9d2b6298a320d7235f4312d0b9ffc8d2a45b1ac
Static task: static1
Behavioral task: behavioral1
- Sample: LC000034-1-0093202111.exe
- Resource: win7-en-20211104
Behavioral task: behavioral2
- Sample: LC000034-1-0093202111.exe
- Resource: win10-en-20211104
Malware Config
Extracted: agenttesla
- Protocol: ftp
- Host: ftp://ftp.retissima.net/
- Port: 21
- Username: [email protected]
- Password: LILKOOLL14!
Targets
- Target: LC000034-1-0093202111.exe
- Size: 773KB
- MD5: a8698e16ca9ab18dc5103a319fa5a30e
- SHA1: ed242ef9fce45c21b4ed26ee9b6d925d3ecd2025
- SHA256: ee000e5f2819689da26186323df2277a71c6bc537e691e7141ec1da80c65ab80
- SHA512: 6f1515857c7d886d6574d330e896a5333acfce669fdf708407a030903df11039b2805aac20bb9cf5f9057bb7a9d2b6298a320d7235f4312d0b9ffc8d2a45b1ac
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext