General
-
Target
f5ee7cd9737f914badddb5fc0ab117e10b586f27db6a0c724ab08b5e90acf87a
-
Size
944KB
-
Sample
220514-q84vjsabd8
-
MD5
1c3e4e7076555c18f18979886a97c9b7
-
SHA1
8b628600c68add4e57e392a265d2ffa701085c9b
-
SHA256
f5ee7cd9737f914badddb5fc0ab117e10b586f27db6a0c724ab08b5e90acf87a
-
SHA512
eda7169920d7e42cc999ba28e1cf4e06a1beb32f2eea9c4a8c937661560f3fc171dab97a295edf10bc0833fa490cf394d4a30497b68273d3d657f8fcaa6b501e
Static task
static1
Behavioral task
behavioral1
Sample
f5ee7cd9737f914badddb5fc0ab117e10b586f27db6a0c724ab08b5e90acf87a.exe
Resource
win10-20220414-en
Malware Config
Extracted
Protocol: smtp
Host: mail.storewel.com
Port: 587
Username: hr@storewel.com
Password: windows8.1#
Targets
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext