General
- Target: tmp/.winlogon.exe
- Size: 462KB
- Sample: 211202-vereksafbj
- MD5: 629f5bb8b5ee75e90c393ad9d96a1772
- SHA1: b09925a7163bef858657a1b39146fe27abb01f99
- SHA256: 15637f2d530662c968272c1e6e48ca6a093f0c828edf0cbb5cd32d9af03b3ff5
- SHA512: 3434c0b1f42533c42a4232809a007ddfd340ebc0d500db436cd038e3d3b4aaf0fd8bcf36e3a1cee4442c5d894679f5cdc7cef5a90c04534f937121d6cc9e3857
Static task
- static1
Behavioral tasks
- behavioral1: sample tmp/.winlogon.exe, resource win7-en-20211104
- behavioral2: sample tmp/.winlogon.exe, resource win10-en-20211104
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.stockmeieir.com
- Port: 587
- Username: m.melendez@stockmeieir.com
- Password: aU6sb@#1%Efh
Targets
- Target: tmp/.winlogon.exe
- Size: 462KB
- MD5: 629f5bb8b5ee75e90c393ad9d96a1772
- SHA1: b09925a7163bef858657a1b39146fe27abb01f99
- SHA256: 15637f2d530662c968272c1e6e48ca6a093f0c828edf0cbb5cd32d9af03b3ff5
- SHA512: 3434c0b1f42533c42a4232809a007ddfd340ebc0d500db436cd038e3d3b4aaf0fd8bcf36e3a1cee4442c5d894679f5cdc7cef5a90c04534f937121d6cc9e3857
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. It harvests saved credentials from browsers, mail and FTP clients and exfiltrates them over SMTP, FTP or HTTP, which is why the extracted configuration above is a mail account and submission port rather than a C2 address.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles (reads the stored mail-client profiles to harvest credentials)
- Suspicious use of SetThreadContext (the API used to point a suspended thread at an injected payload, as in process hollowing; a common stage in Agent Tesla loaders)
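The extracted SMTP configuration and the listed hashes are the two things a responder can act on immediately. The following Python is an added example, not code from the sandbox, the report, or the malware: it parses the config in the "Key: value - Key: value" form the sandbox prints, verifies a file against the report's SHA256, and classifies outbound flow records, flagging an exact match on the extracted host and port as an IOC hit and any other direct submission-port SMTP from a workstation as suspicious. The flow-record field names (dst_name, dport), the relay allowlist entry mail.corp.example, and the sample flows are assumptions constructed for the example.

```python
"""Triage helpers built from the report above: parse the extracted Agent Tesla
SMTP config, verify a file against the listed SHA256, and flag matching
outbound SMTP flows. Added example; not code from the sandbox or the malware."""
import hashlib
from dataclasses import dataclass

# SHA256 listed in the report's General section.
KNOWN_SHA256 = "15637f2d530662c968272c1e6e48ca6a093f0c828edf0cbb5cd32d9af03b3ff5"

# Extracted config as one string in the "Key: value - Key: value" form the
# sandbox prints (values copied from the Malware Config section).
RAW_CONFIG = ("Protocol: smtp - Host: smtp.stockmeieir.com - Port: 587 - "
              "Username: m.melendez@stockmeieir.com - Password: aU6sb@#1%Efh")

# Hosts a workstation may legitimately speak SMTP to. The entry is a
# hypothetical corporate relay name; replace it with your own.
MAIL_RELAY_ALLOWLIST = {"mail.corp.example"}


@dataclass(frozen=True)
class ExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(raw: str) -> ExfilConfig:
    """Split on the ' - ' field delimiter, then on the first ':' of each field.
    Splitting this way keeps '@', '#' and '%' inside the password intact and
    tolerates a ':' inside a value, because only the first ':' separates."""
    fields = {}
    for chunk in raw.split(" - "):
        key, sep, value = chunk.partition(":")
        if not sep:
            raise ValueError(f"malformed field: {chunk!r}")
        fields[key.strip().lower()] = value.strip()
    return ExfilConfig(
        protocol=fields["protocol"].lower(),
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


def file_hashes(data: bytes) -> dict:
    """All four digests the report lists, so any one of them can be compared."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def is_known_sample(data: bytes) -> bool:
    return file_hashes(data)["sha256"] == KNOWN_SHA256


def classify_flow(flow: dict, cfg: ExfilConfig) -> str:
    """Return 'ioc', 'suspicious' or 'ok' for one outbound flow record.

    'ioc'        : destination name and port match the extracted config.
    'suspicious' : SMTP, submission or SMTPS port to a host that is not an
                   approved relay. Other Agent Tesla builds carry other mail
                   servers, so this port-based rule catches what the exact
                   IOC misses.
    The keys dst_name and dport are assumed field names for a flow log that
    has already been joined with DNS answers, not a real tool's schema.
    """
    name = flow.get("dst_name", "").lower()
    port = int(flow.get("dport", 0))
    if name == cfg.host and port == cfg.port:
        return "ioc"
    if port in (25, 465, 587) and name not in MAIL_RELAY_ALLOWLIST:
        return "suspicious"
    return "ok"


def scan_flows(flows: list, cfg: ExfilConfig) -> dict:
    """Group flow indices by verdict."""
    out = {"ioc": [], "suspicious": [], "ok": []}
    for i, flow in enumerate(flows):
        out[classify_flow(flow, cfg)].append(i)
    return out


# Constructed flow records for illustration, not taken from the report.
SAMPLE_FLOWS = [
    {"src": "10.0.0.15", "dst_name": "smtp.stockmeieir.com", "dport": 587},
    {"src": "10.0.0.15", "dst_name": "mail.corp.example", "dport": 587},
    {"src": "10.0.0.22", "dst_name": "smtp.someotherhost.example", "dport": 465},
    {"src": "10.0.0.22", "dst_name": "www.example.org", "dport": 443},
]

if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print(scan_flows(SAMPLE_FLOWS, cfg))      # {'ioc': [0], 'suspicious': [2], 'ok': [1, 3]}
    print(is_known_sample(b"not the sample"))  # False
```

The extracted mailbox is the exfiltration channel, not just an indicator: every stolen credential the sample collects is sent through that account, so the practical follow-ups are blocking the host and port at egress, hunting historical flows with the same rule, and reporting the abused account to its provider. Treat the password in the report as live and do not reuse it anywhere.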