General
- Target: 2d40b12c6aaeb711a05c114a3147fd6139d893197a0b9787bb718199e99fe5cb
- Size: 458KB
- Sample: 211203-mmz3pagahk
- MD5: 20372054c8b59a03677088b4c9f237e3
- SHA1: 063e2810e44ac8808bc0ae0471441ffc37a85c7e
- SHA256: 2d40b12c6aaeb711a05c114a3147fd6139d893197a0b9787bb718199e99fe5cb
- SHA512: 98babf6c128b4d39cb71498c5bc5d5883d3bc5084bd10b2b1bea16a248291aff4b386085a4d27392df3abadd0b4f5f769dbee337e0d45fd871180fb99850b44d
Static task: static1
Behavioral task: behavioral1
- Sample: 2d40b12c6aaeb711a05c114a3147fd6139d893197a0b9787bb718199e99fe5cb.exe
- Resource: win10-en-20211014
Malware Config
Extracted family: agenttesla
- Protocol: smtp
- Host: mail.sementescaicara.com.br
- Port: 587
- Username: coordenador@sementescaicara.com.br
- Password: sementes4062
Targets
- Target: 2d40b12c6aaeb711a05c114a3147fd6139d893197a0b9787bb718199e99fe5cb (size and hashes as listed under General above)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Modifies WinLogon for persistence
- AgentTesla payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext