General
- Target: 6979d389f97f72ff28a44b48f847cbb8.exe
- Size: 535KB
- Sample: 211216-lfb7lsceaj
- MD5: 6979d389f97f72ff28a44b48f847cbb8
- SHA1: c27c09eb0d960539f3949fee85cd9b764fe40767
- SHA256: 4bfa748a871e9b9e6f1defff58eba0046b0b838327845185d6ba6eaa5fc85f73
- SHA512: b0fc04dc61e080898aaf824ee4c2940e2d14239f15a96585d57eee4742988e55cbf40a138a2c8b10f897751e85c7fea39d1eb37bfdb63622a3177deef477bd93
Static task
- static1
Behavioral task
- behavioral1
- Sample: 6979d389f97f72ff28a44b48f847cbb8.exe
- Resource: win7-en-20211208
Behavioral task
- behavioral2
- Sample: 6979d389f97f72ff28a44b48f847cbb8.exe
- Resource: win10-en-20211208
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.myremediez.com
- Port: 587
- Username: help@myremediez.com
- Password: 123123456
Targets
- Target: 6979d389f97f72ff28a44b48f847cbb8.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext