General
-
Target
92ef2c9463b726f151cbc2bac57f6124fd355aa90ec4424de8500a543cfbc457
-
Size
389KB
-
Sample
220520-2c418afbb4
-
MD5
d661af709699e60d826ca7e2a003ec28
-
SHA1
ac4d5d0679e7e29ede82fe06b9a066497453619b
-
SHA256
92ef2c9463b726f151cbc2bac57f6124fd355aa90ec4424de8500a543cfbc457
-
SHA512
9e94547675739aa3404bd5608fe36243789c9cf80560d3995bee1608caef561a6fdaa864ba4ee7957efe97497db0df278f0818f77a2903a4a1bfc7c8c6734dae
Static task
static1
Behavioral task
behavioral1
Sample
x1mxcUXjjHMfaSa.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
x1mxcUXjjHMfaSa.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.annlap.com
Port: 587
Username: [email protected]
Password: Control84@
Targets
-
-
Target
x1mxcUXjjHMfaSa.exe
-
Size
477KB
-
MD5
68856fdacb6584e5890f829511aeb545
-
SHA1
dc51e48753f6e6b25a14c5313fe12f2d0f68b4ef
-
SHA256
12846f275b6c95522b1b02433f0b11ea979cc328e0ea607c9d706b222d6ebd5a
-
SHA512
0968f8cd314b731b1b4bfd41248ac48191c6cccd7e3582ca21e1f9d7a67cdae89fe5541c7fe430f1a154b80d249d8edbda34a4c2a66d3b0a2dcd17d68bb71da2
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-