General
Target: CO DRAFT Al Zaytounah project.exe
Size: 485KB
Sample: 211202-swcawadbd9
MD5: 80cec5a926b23b289405700083013293
SHA1: fbe4b963e5247b52a42ef7485fc2006a77ecbe3a
SHA256: 556b249f8b149348daec751c26360cb2cb5abc61a5f067281e14d771a4817086
SHA512: db2e3e054b6910982ba8a1758b4b44ea27bdc252380c5d02c8fd8c458f3742c3d415c4bcbc0cdec8c146633d301a969180b9d9b5e9882fd9f8ca2ef22e9e6638
Static task: static1
Behavioral task: behavioral1
Sample: CO DRAFT Al Zaytounah project.exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: CO DRAFT Al Zaytounah project.exe
Resource: win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: server126.web-hosting.com
Port: 587
Username: milli@emremetal.xyz
Password: TB@h;x2zl*5c
Targets
Target
CO DRAFT Al Zaytounah project.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-