General
- Target: Image001.exe
- Size: 612KB
- Sample: 211202-ww16sabahp
- MD5: ff1b46d412d2890828fdeee1d983dea1
- SHA1: 2c2c60bc32b11f866aed66f29ce30c362b352567
- SHA256: 3f9f72ec6bd759569e783528a4a2e0426472dfae328af93afbf9da273e92adf5
- SHA512: d6ea42338428fc9da1552c1879b334b4a70f121eb9c3fce31b513bc86f2eca5a7ba7bb17a6ec059910b2fda3f2bb6717a975828f6de985630d0420bde153333b
Static task: static1
Behavioral task: behavioral1 (Sample: Image001.exe, Resource: win7-en-20211104)
Behavioral task: behavioral2 (Sample: Image001.exe, Resource: win10-en-20211104)
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.cgyasc.com
- Port: 587
- Username: castilloo@cgyasc.com
- Password: Castle1
Targets
- Target: Image001.exe
- Size: 612KB
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext