General
- Target: 6.exe
- Size: 482KB
- Sample: 211202-q8b5jahchq
- MD5: b2c0ac531324f7eb97a237595c6352a1
- SHA1: 55ad3433d06bc604d61ab6e339f2a54e7f6a9b75
- SHA256: 79001cdea4e9f4dea6fb4a9ad4a04439f59daf5e980ffff69bebc8c82e3da52b
- SHA512: 06cbc514e1dae1638a6976e5588a9d426313c7e4b0cf040574132a7e60e2791c60fa6bc264d3db1fdfb751016466902bae911ed61cd68bb4c30b4d14eba1f3c4
Static task: static1
Behavioral task: behavioral1
- Sample: 6.exe
- Resource: win7-en-20211104
Behavioral task: behavioral2
- Sample: 6.exe
- Resource: win10-en-20211104
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.brq-pe.com
- Port: 587
- Username: foxylee@brq-pe.com
- Password: #iE*qGh5
Targets
- Target: 6.exe
- Size: 482KB
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext