General
Target: 1a895b4a64a00fbd249254bdd8a3ebdf.exe
Size: 604KB
Sample: 211202-kpwf6sgfb2
MD5: 1a895b4a64a00fbd249254bdd8a3ebdf
SHA1: 23cb3c999fb8080d20b0b26eb21b899392c23311
SHA256: 771ad35af9108de2379e1385b2e2e5d43e423f0d518320a4021af3f4fd77bec6
SHA512: 5c1dad7b66cf35ae3a8a55af495dff5d63166496064536b0a86aabab884bd6d1f849fd38058a8374722c6a14935f856d71376b9a59d17cbdec23277fd772bcaf
Static task: static1
Behavioral task: behavioral1
Sample: 1a895b4a64a00fbd249254bdd8a3ebdf.exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: 1a895b4a64a00fbd249254bdd8a3ebdf.exe
Resource: win10-en-20211104
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.askinmakina.com.tr
Port: 587
Username: [email protected]
Password: A102030b.
Targets
Target: 1a895b4a64a00fbd249254bdd8a3ebdf.exe
- AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext