General
Target: Details as attached in this mail.js
Size: 628KB
Sample: 211202-tynbladed6
MD5: e570e22ed2b2a600241ee070d0c4873d
SHA1: 2cea5772982d6695cde4b1c2c8727034ec7d67b3
SHA256: 904b4d3ef25a59a896522183f38be8cb155350dc1823cf7784b48e9fe93983c1
SHA512: 357a23f2cff7632deb6eb05e2595795e914b56e8526896b9f6bf6736a95ba6b8804c7ee2941fd0a1f056a9ff5b5f219d598efffa4799dea13fb763866f631a89
Static task: static1
Behavioral task: behavioral1
Sample: Details as attached in this mail.js
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: Details as attached in this mail.js
Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://files.000webhost.com/
Port: 21
Username: zinco
Password: computer147
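The extracted configuration is the most actionable part of this report: it names the exfiltration server and the FTP account the stealer logs in with. The following is an added example (not part of the report or of the sandbox's tooling) that parses the config block exactly as the page renders it, with the stray " - " separators, derives hunting indicators from it, and matches those indicators against FTP control-channel lines. The log format ("timestamp src -> dst:port C: COMMAND arg") and the log lines themselves are constructed for the example; the client address 192.0.2.10 is a documentation-range placeholder.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# The "Malware Config / Extracted" block, copied as the report renders it. The
# rendering runs the fields together with " - " separators, so the parser
# tolerates that layout instead of expecting one "Key: value" per line.
RAW_CONFIG = """Protocol: ftp- Host:
ftp://files.000webhost.com/ - Port:
21 - Username:
zinco - Password:
computer147"""

KEYS = ("Protocol", "Host", "Port", "Username", "Password")
_KEY_ALT = "|".join(KEYS)
# "<Key>: <value>" where the value runs until the next "<Key>:" (optionally
# preceded by the stray " - ") or the end of the block.
_FIELD = re.compile(r"(%s):\s*(.*?)\s*(?=-?\s*(?:%s):|\Z)" % (_KEY_ALT, _KEY_ALT))


@dataclass(frozen=True)
class AgentTeslaFtpConfig:
    protocol: str
    host: str        # as extracted, e.g. "ftp://files.000webhost.com/"
    port: int
    username: str
    password: str

    @property
    def hostname(self) -> str:
        # urlparse() handles both "ftp://host/" and a bare "host".
        url = self.host if "://" in self.host else "ftp://" + self.host
        return urlparse(url).hostname or self.host


def parse_config(raw: str) -> AgentTeslaFtpConfig:
    fields = dict(_FIELD.findall(raw))
    missing = [k for k in KEYS if k not in fields]
    if missing:
        raise ValueError("config block is missing fields: " + ", ".join(missing))
    return AgentTeslaFtpConfig(
        protocol=fields["Protocol"].lower(),
        host=fields["Host"],
        port=int(fields["Port"]),
        username=fields["Username"],
        password=fields["Password"],
    )


def indicators(cfg: AgentTeslaFtpConfig) -> dict:
    """Shareable hunting indicators; the password is deliberately left out."""
    return {"dst_host": cfg.hostname, "dst_port": cfg.port, "ftp_user": cfg.username}


# Constructed FTP control-channel lines (hypothetical format, not sandbox output).
CONSTRUCTED_FTP_LOG = [
    "2021-12-02T10:15:03Z 192.0.2.10 -> files.000webhost.com:21 C: USER zinco",
    "2021-12-02T10:15:03Z 192.0.2.10 -> files.000webhost.com:21 C: PASS computer147",
    "2021-12-02T10:15:04Z 192.0.2.10 -> files.000webhost.com:21 C: STOR upload.bin",
    "2021-12-02T10:20:11Z 192.0.2.11 -> ftp.example.org:21 C: USER anonymous",
]

_LINE = re.compile(
    r"->\s*(?P<host>[^:\s]+):(?P<port>\d+)\s+C:\s+(?P<cmd>USER|PASS|STOR)\s+(?P<arg>\S+)"
)


def find_exfil_activity(cfg: AgentTeslaFtpConfig, lines) -> list:
    """Return (line, reason) pairs for commands that match the extracted config."""
    ioc = indicators(cfg)
    hits = []
    for line in lines:
        m = _LINE.search(line)
        if not m:
            continue
        if m.group("host").lower() != ioc["dst_host"] or int(m.group("port")) != ioc["dst_port"]:
            continue
        cmd, arg = m.group("cmd"), m.group("arg")
        if cmd == "USER" and arg == ioc["ftp_user"]:
            hits.append((line, "login with extracted FTP username"))
        elif cmd == "PASS" and arg == cfg.password:
            hits.append((line, "login with extracted FTP password"))
        elif cmd == "STOR":
            hits.append((line, "upload to extracted exfiltration host"))
    return hits


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print(indicators(cfg))
    for line, reason in find_exfil_activity(cfg, CONSTRUCTED_FTP_LOG):
        print(reason, "::", line)
```

The parser keys on the field names rather than on line breaks because sandbox exports of this block vary; the STOR check is deliberately looser than the USER/PASS checks, since any upload to the configured host is worth a look even if the operator has rotated the account.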
Targets
Target: Details as attached in this mail.js (size and hashes as listed under General)
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET. It harvests saved credentials from browsers, mail clients and FTP clients and sends them out over SMTP, FTP or HTTP, which is consistent with the FTP configuration extracted above.
Signatures triggered:
- AgentTesla Payload
- Executes dropped EXE (the .js attachment writes an executable to disk and launches it)
- Accesses Microsoft Outlook profiles (registry lookups of the kind used to collect stored mail account credentials)
- Suspicious use of SetThreadContext (the API used in process hollowing to point a suspended process's thread at injected code)
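"Suspicious use of SetThreadContext" is a behavioral signature, and it is worth seeing what such a check actually keys on: a cross-process call sequence of create-suspended, write memory, set thread context, resume. The following is an added example (not the sandbox's signature logic and not code from this report) that classifies SetThreadContext use from an API trace. The trace format ("pid=<n> api=<name> target=<n> key=value ...") and the trace lines are constructed for the example; the flag value 0x4 is CREATE_SUSPENDED as documented for CreateProcess.

```python
from collections import defaultdict

# Constructed API-trace lines in a hypothetical "pid=<n> api=<name> target=<n>
# key=value ..." format. They are not output of the sandbox behind this report.
CONSTRUCTED_TRACE = [
    "pid=2200 api=CreateProcessW target=3100 flags=0x4",   # 0x4 = CREATE_SUSPENDED
    "pid=2200 api=WriteProcessMemory target=3100 size=0x1a000",
    "pid=2200 api=SetThreadContext target=3100",
    "pid=2200 api=ResumeThread target=3100",
    "pid=4400 api=SetThreadContext target=4400",           # own process: not hollowing
    "pid=5100 api=CreateProcessW target=5200 flags=0x0",   # normal child start
    "pid=5100 api=ResumeThread target=5200",
]

CREATE_SUSPENDED = 0x4
# The classic hollowing order; unrelated calls may be interleaved between steps.
HOLLOWING_SEQUENCE = ("CreateProcessW", "WriteProcessMemory", "SetThreadContext", "ResumeThread")


def parse_trace_line(line: str) -> dict:
    return dict(token.split("=", 1) for token in line.split())


def is_subsequence(needle, haystack) -> bool:
    # Each step must appear after the previous one; the iterator is consumed in order.
    it = iter(haystack)
    return all(step in it for step in needle)


def classify_thread_context_use(lines) -> dict:
    """Map (caller pid, target pid) to a verdict for every cross-process SetThreadContext.

    "process_hollowing": suspended create, memory write, context change, resume.
    "cross_process_setthreadcontext": the API hit another process without the full pattern.
    """
    calls = defaultdict(list)
    for line in lines:
        f = parse_trace_line(line)
        pid, target = int(f["pid"]), int(f.get("target", f["pid"]))
        if pid != target:                      # a process touching its own threads is ignored
            calls[(pid, target)].append(f)
    verdicts = {}
    for key, seq in calls.items():
        apis = [f["api"] for f in seq]
        if "SetThreadContext" not in apis:
            continue
        suspended = any(
            f["api"] == "CreateProcessW" and int(f.get("flags", "0"), 16) & CREATE_SUSPENDED
            for f in seq
        )
        if suspended and is_subsequence(HOLLOWING_SEQUENCE, apis):
            verdicts[key] = "process_hollowing"
        else:
            verdicts[key] = "cross_process_setthreadcontext"
    return verdicts


if __name__ == "__main__":
    for (pid, target), verdict in classify_thread_context_use(CONSTRUCTED_TRACE).items():
        print(f"{pid} -> {target}: {verdict}")
```

Same-process SetThreadContext calls are dropped because debuggers and exception handlers use the API legitimately; the weaker "cross_process_setthreadcontext" verdict is kept separately so that an injection into an already-running process, where no suspended create is seen, still surfaces for review.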