General
- Target: 423c77be1006265e07e97a06d8ceaa2a26b35368a406c0e49362b745561896b2
- Size: 450KB
- Sample: 220520-2jv2wsfdg2
- MD5: e017eb0e202c5c45a4da5261a75b7abf
- SHA1: bd0651ea84d0b89072c69a80252a6b45e41592c0
- SHA256: 423c77be1006265e07e97a06d8ceaa2a26b35368a406c0e49362b745561896b2
- SHA512: 4f6cf2bc68c9fee4b4affb9bd07b0f1e5c7c37c2591ed5996e0849824762eba4f1a60d0f768292fa3f26d9a27efc66f75f827d2a57b1678bfb690fa84172b06c
Static task: static1
Behavioral task: behavioral1
Sample: wfXlumJEIeTM9z8.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: wfXlumJEIeTM9z8.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted family: agenttesla
- Protocol: smtp
- Host: smtp.loudprofesslonal.com
- Port: 587
- Username: [email protected]
- Password: Capapapa123
Targets
- Target: wfXlumJEIeTM9z8.exe
- Size: 569KB
- MD5: 0bf0e9d3d1d37ac01981a51215ce2bbd
- SHA1: 007c78a31bbfa22789ce6583a08d3dc85a30a13f
- SHA256: 6e1ea62f74eb06a3dd77f8a2ba47f435c0d97e6ce6e99a50049b65f10b70dab1
- SHA512: 1ece46679f8b2e9365b0dbe4522c1f5acd3f4a2423281ebd2eb5f64fe1b86abc1a2f396c772127ef88153ba165b3759fd961e5327d8287dd0ef734524dc7c1ac
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic (.NET). The SMTP account in the extracted config above is the channel it uses to send out the credentials it harvests (here, among other sources, from Outlook profiles).
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext
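As an added example (not part of the sandbox report and not Agent Tesla or sandbox tooling), the Python below turns the indicators on this page (both SHA256 hashes, the SMTP host and port 587, the Run-key persistence) into detection checks and runs them over a few constructed log lines. The lines use a simplified `Key=value` layout with real Sysmon field names (EventID 1 process create, 3 network connection, 13 registry value set); that layout, the file paths, the `mail.example.net` host and the mail-client allowlist are assumptions for illustration. Port 587 alone is not an indicator (legitimate mail clients use it), so the port rule only fires for processes outside the allowlist, while the exfil host from the config fires on its own.

```python
import re

# Indicators lifted from the report above.
SMTP_HOST = "smtp.loudprofesslonal.com"
SMTP_PORT = 587
KNOWN_SHA256 = {
    "423c77be1006265e07e97a06d8ceaa2a26b35368a406c0e49362b745561896b2",  # submitted sample
    "6e1ea62f74eb06a3dd77f8a2ba47f435c0d97e6ce6e99a50049b65f10b70dab1",  # wfXlumJEIeTM9z8.exe
}

# Assumption: processes expected to use SMTP submission (port 587). Tune per environment.
MAIL_CLIENT_ALLOWLIST = {"outlook.exe", "thunderbird.exe"}

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
SHA256_RE = re.compile(r"SHA256=([0-9a-f]{64})", re.IGNORECASE)
# "Key=value" pairs; a value runs until the next " Key=" or end of line, so paths may contain spaces.
PAIR_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line):
    """Parse one constructed 'Key=value Key=value' line into a dict."""
    return {k: v for k, v in PAIR_RE.findall(line.strip())}


def detect(ev):
    """Return the names of every rule that fires on one parsed event."""
    hits = []
    eid = ev.get("EventID")
    image = ev.get("Image", "").rsplit("\\", 1)[-1].lower()
    if eid == "1":  # process creation: match the executable hash against the report
        m = SHA256_RE.search(ev.get("Hashes", ""))
        if m and m.group(1).lower() in KNOWN_SHA256:
            hits.append("known_agenttesla_sha256")
    elif eid == "3":  # network connection: the configured exfil host, or 587 from an odd process
        host = ev.get("DestinationHostname", "").lower()
        port = ev.get("DestinationPort")
        if host == SMTP_HOST:
            hits.append("agenttesla_smtp_exfil_host")
        elif port == str(SMTP_PORT) and image not in MAIL_CLIENT_ALLOWLIST:
            hits.append("smtp_submission_from_non_mail_client")
    elif eid == "13":  # registry value set under Run/RunOnce ("Adds Run key to start application")
        if RUN_KEY_RE.search(ev.get("TargetObject", "")):
            hits.append("run_key_persistence")
    return hits


def scan(lines):
    """Run detect() over each line; return (1-based line number, rule) pairs."""
    results = []
    for n, line in enumerate(lines, 1):
        if not line.strip():
            continue
        for rule in detect(parse_event(line)):
            results.append((n, rule))
    return results


# Constructed sample log (not real telemetry); lines 4 and 5 are benign controls.
SAMPLE_LOG = r"""
EventID=1 Image=C:\Users\bob\AppData\Local\Temp\wfXlumJEIeTM9z8.exe Hashes=SHA256=6e1ea62f74eb06a3dd77f8a2ba47f435c0d97e6ce6e99a50049b65f10b70dab1
EventID=13 Image=C:\Users\bob\AppData\Local\Temp\wfXlumJEIeTM9z8.exe TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\wfXlumJEIeTM9z8 Details=C:\Users\bob\AppData\Roaming\wfXlumJEIeTM9z8.exe
EventID=3 Image=C:\Users\bob\AppData\Local\Temp\wfXlumJEIeTM9z8.exe DestinationHostname=smtp.loudprofesslonal.com DestinationPort=587
EventID=3 Image=C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE DestinationHostname=smtp.office365.com DestinationPort=587
EventID=1 Image=C:\Windows\System32\notepad.exe Hashes=SHA256=0000000000000000000000000000000000000000000000000000000000000000
EventID=3 Image=C:\Users\bob\AppData\Roaming\svchost.exe DestinationHostname=mail.example.net DestinationPort=587
"""
SAMPLE_LINES = SAMPLE_LOG.strip().splitlines()

if __name__ == "__main__":
    for n, rule in scan(SAMPLE_LINES):
        print(f"line {n}: {rule}")
```

Lines 1 to 3 reproduce what the report records for this sample (known hash, Run key, connection to the configured SMTP host) and each fires exactly one rule; Outlook talking to its own mail server on 587 and notepad with an unrelated hash stay silent; the last line shows the weaker port-587 heuristic firing on a process that is not a mail client.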