General

Target: 5f041ae78e581b4dbd9ccc968c5e57285c364c8a8c41493cd47833204aed0e84
Size: 456KB
Sample: 220205-sj9qlschbl
MD5: a16220152ef376f028a9a96f495d1dff
SHA1: d1c3f258c6f6dbf20699a9509e0cd6cbf4b8d9f4
SHA256: 5f041ae78e581b4dbd9ccc968c5e57285c364c8a8c41493cd47833204aed0e84
SHA512: 2e1c43008edbd49363170f36e0b812e4dba25c382601353aeba4a982d2911f4a84e37f564b3f6793d077ad6593c37fdebcab35955b8d6e1bff92650cc247eda5
Static task: static1

Behavioral task: behavioral1
  Sample: 5f041ae78e581b4dbd9ccc968c5e57285c364c8a8c41493cd47833204aed0e84.exe
  Resource: win7-en-20211208

Behavioral task: behavioral2
  Sample: 5f041ae78e581b4dbd9ccc968c5e57285c364c8a8c41493cd47833204aed0e84.exe
  Resource: win10v2004-en-20220113
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.platinships.net
Port: 587
Username: phyno@platinships.net
Password: J~5v.F5[G06H6}ct{!

This is the stealer's exfiltration channel, not a download server: harvested credentials, keystrokes and screenshots are sent as mail through the listed account over SMTP submission (TCP/587). The host, port and mailbox are therefore the indicators worth hunting for in egress and DNS logs; the password is the actor's and will typically be rotated once a sample is published.
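What a responder can do with the extracted config above, as an added example that is not part of the sandbox report: parse the flattened "Key: value - Key: value" dump into a single exfiltration indicator, then run two checks over network-connection events, an exact match on the extracted host and port, and a looser behavioural check for any process that is not a known mail client opening an SMTP-submission connection. The Sysmon-style log lines, the process paths in them and the mail-client allow-list are constructed for the demo and are assumptions, not data from the sandbox run.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Extracted AgentTesla config exactly as the report prints it: flattened
# "Key: value - Key: value" pairs broken across lines.
RAW_CONFIG = """Protocol: smtp- Host:
mail.platinships.net - Port:
587 - Username:
phyno@platinships.net - Password:
J~5v.F5[G06H6}ct{!"""

# One "Key: value" pair; the value ends where the next " - Key:" separator
# (or the end of the text) begins. A password containing " - Word:" would
# be truncated by this pattern, so check the result against the raw dump.
_PAIR_RE = re.compile(r"(\w+):\s*(.+?)(?=\s*-\s*\w+:|$)")


def parse_config(raw: str) -> Dict[str, str]:
    """Collapse whitespace, then pull every Key: value pair into a dict."""
    flat = " ".join(raw.split())
    return {key.lower(): value for key, value in _PAIR_RE.findall(flat)}


@dataclass(frozen=True)
class ExfilIndicator:
    protocol: str
    host: str
    port: int
    account: str


def indicator_from_config(cfg: Dict[str, str]) -> ExfilIndicator:
    return ExfilIndicator(cfg["protocol"], cfg["host"].lower(),
                          int(cfg["port"]), cfg["username"])


# Constructed Sysmon Event ID 3 (network connection) style lines for the
# demo; the images and hostnames are assumptions, not sandbox output.
SAMPLE_LOG = r"""
2022-02-05T10:14:03Z Image=C:\Users\victim\AppData\Roaming\dropped.exe DestinationHostname=mail.platinships.net DestinationPort=587
2022-02-05T10:14:09Z Image=C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE DestinationHostname=smtp.office365.com DestinationPort=587
2022-02-05T10:15:41Z Image=C:\Windows\System32\svchost.exe DestinationHostname=update.example.com DestinationPort=443
2022-02-05T10:16:02Z Image=C:\Users\victim\AppData\Local\Temp\build.exe DestinationHostname=smtp.gmail.com DestinationPort=587
""".strip().splitlines()

# key=value fields; a value runs until the next " key=" so paths with spaces survive.
_FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")

# Assumed allow-list of processes expected to speak SMTP submission.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def parse_event(line: str) -> Dict[str, str]:
    timestamp, _, rest = line.partition(" ")
    event = dict(_FIELD_RE.findall(rest))
    event["Timestamp"] = timestamp
    return event


def classify(event: Dict[str, str], ioc: ExfilIndicator) -> Optional[str]:
    host = event.get("DestinationHostname", "").lower()
    port = int(event.get("DestinationPort", "0"))
    image = event.get("Image", "").rsplit("\\", 1)[-1].lower()
    if host == ioc.host and port == ioc.port:
        return "agenttesla-c2"               # exact hit on the extracted exfil server
    if port == ioc.port and image not in MAIL_CLIENTS:
        return "unexpected-smtp-submission"  # behavioural: non-mail-client on TCP/587
    return None


def hunt(lines: List[str], ioc: ExfilIndicator) -> List[Tuple[str, str, str]]:
    """Return (timestamp, image, verdict) for every line that trips a check."""
    hits = []
    for line in lines:
        event = parse_event(line)
        verdict = classify(event, ioc)
        if verdict:
            hits.append((event["Timestamp"], event["Image"], verdict))
    return hits


if __name__ == "__main__":
    ioc = indicator_from_config(parse_config(RAW_CONFIG))
    print(ioc)
    for hit in hunt(SAMPLE_LOG, ioc):
        print(*hit)
```

The exact-match rule only catches this build; a rebuilt sample with fresh mailbox credentials sails past it, which is why the second rule keys on the behaviour (an unexpected process opening a submission-port connection) rather than the indicator. Tune the allow-list to the estate, and remember that port 587 is STARTTLS, so the connection metadata in Sysmon or firewall logs is usually all you get; the message body is not visible on the wire.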
Targets

Target: 5f041ae78e581b4dbd9ccc968c5e57285c364c8a8c41493cd47833204aed0e84 (456KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
-
AgentTesla

Agent Tesla is a .NET information stealer with remote-access features (commonly described as written in Visual Basic .NET). It harvests saved credentials from browsers, mail and FTP clients and other applications, logs keystrokes and takes screenshots, and ships the results to an attacker-controlled sink over SMTP, FTP or HTTP(S); this sample is configured for SMTP.

Signatures triggered by this sample, with what each generally indicates:
- AgentTesla Payload: the unpacked payload matched the family signature, and the SMTP config above was extracted from it.
- Executes dropped EXE: a file written during the run was executed, the usual pattern of a loader unpacking and launching the stealer.
- Drops startup file: a file was placed in a startup location so the payload survives a reboot.
- Loads dropped DLL: a library written during the run was loaded.
- Accesses Microsoft Outlook profiles: the Outlook profile data under the user's registry hive was read; this is where stored mail-account credentials live, consistent with the stealer's credential harvesting.
- Suspicious use of SetThreadContext: SetThreadContext on another thread is the step process hollowing uses to point a suspended process at injected code, consistent with the loader running the payload inside a hollowed host process.