General
Target: 0f6c975dd9dc51bc14522c8f55864724
Size: 602KB
Sample: 220505-gtqjyafce9
MD5: 0f6c975dd9dc51bc14522c8f55864724
SHA1: ec4b675e8eb45d4caf359e0cf897b855db29dff7
SHA256: b7c3b077777303227947d62064fea23a1473f57c07575476e97c92a811b37c46
SHA512: 867d95e8525e045575f2f9fe7f165f6840e5df9ada790ca1e79bb28581a6088a77e042ddf63a72659d24384dc72f05990f8b56eaa3511b86c938125596cec6d1
Static task: static1
Behavioral task: behavioral1
Sample: 0f6c975dd9dc51bc14522c8f55864724.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 0f6c975dd9dc51bc14522c8f55864724.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp
Host: mail.hardroot.biz
Port: 587
Username: home@hardroot.biz
Password: bigboy247
Extracted
agenttesla
Protocol: smtp
Host: mail.hardroot.biz
Port: 587
Username: home@hardroot.biz
Password: bigboy247
Email To: doc@hardroot.biz
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext