General
Target: d7bb4be665533a2aee8a1988f05aa68b115f8880fe98506f877b3989679b5e99
Size: 833KB
Sample: 220520-1713dahhhr
MD5: 5dd472d3c9ee8bb5e6e3af441b5fe010
SHA1: d28422aee192bf361d4a609442e7eb8e9bead47f
SHA256: d7bb4be665533a2aee8a1988f05aa68b115f8880fe98506f877b3989679b5e99
SHA512: 5eeca0d4049d36ea35a453fd1ad61c5c5ce734c82c229f76840860b8d09fedf5971c732613227c45ca6db8eea3b5fc53de8ba47eba587bd1b2047e3d0966e274
Static task: static1
Behavioral task: behavioral1
Sample: Transfer Form.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Transfer Form.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.santemoraegypt.com
Port: 587
Username: [email protected]
Password: chimaroke2020
Targets
Target: Transfer Form.exe
Size: 982KB
MD5: 4ea79a2c86237635d3c893a8a0659d40
SHA1: 23eae96908ec3dd6db47a7f306b111ab05f809a8
SHA256: 65dc5eae6aba498e459af4ab782d21cf3708141b3886226a9e31c407b6d9aa8f
SHA512: e24e7f9c94f72ec4d5fa893a2d0fed5307c6cc746b2d703b69f5d169f9bd29b224d0a944b46829b62d38be9f0241b3fd5423a8f48565343213e15d4a16b03607
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext