General
Target: .winlogon.exe
Size: 775KB
Sample: 211201-qxtv7sfeh2
MD5: 6e2d47ac54d18c964c90915a010dc6fb
SHA1: fe3feb8c8a884f3bef05c4208db9569962dfed06
SHA256: ef44665a6222b35530d4bb9614ecb283c87dc3f32e1a054778ff50735a4abfe0
SHA512: ed690ba47d9460d6c5512fd827b45c638db13db2b87c063cddc54f249523c870df2438603acf033af73165db7107b9fcd319f550f345e1ab0e596c870a1ee7bc
Static task: static1
Behavioral task: behavioral1
Sample: .winlogon.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: .winlogon.exe
Resource: win10-en-20211104
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.soliagruop.com
Port: 587
Username: [email protected]
Password: #@9$#@9r1jDC2BLR
Targets
Target: .winlogon.exe
Size: 775KB
MD5: 6e2d47ac54d18c964c90915a010dc6fb
SHA1: fe3feb8c8a884f3bef05c4208db9569962dfed06
SHA256: ef44665a6222b35530d4bb9614ecb283c87dc3f32e1a054778ff50735a4abfe0
SHA512: ed690ba47d9460d6c5512fd827b45c638db13db2b87c063cddc54f249523c870df2438603acf033af73165db7107b9fcd319f550f345e1ab0e596c870a1ee7bc
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext