General
-
Target
2d24bde9a82bceeb5422cacc5d60b5710f8394f1567b1ed86dbe919c3014684a
-
Size
426KB
-
Sample
220520-2legxsfee4
-
MD5
eeddb0c0a7fa939d3cc36fdcd3a1fbfa
-
SHA1
6e29898d8b223168b51176156d5c5abee55a2ab5
-
SHA256
2d24bde9a82bceeb5422cacc5d60b5710f8394f1567b1ed86dbe919c3014684a
-
SHA512
143a504a7abe304a8d6d1137bbd72a7163c26a774ba30d9e5af33415731af06466de6fe4d25e95e576c770fd544c8c61a863d5d0f9165a334f4ae870dda9c5d0
Static task
static1
Behavioral task
behavioral1
Sample
EX771260331787.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
EX771260331787.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: success21
Targets
-
Target
EX771260331787.exe
-
Size
589KB
-
MD5
937316c0ab6b24b3f80323fc65d6170f
-
SHA1
ec33db76466c398d0c4ab816f6345f2ebd25e8c5
-
SHA256
639c8ee41234dcab34f5b8b53650f5e8ffaf78d50ccbb1ee807b62c26be770af
-
SHA512
06314f5ed656807b5a5837a4dbc86dd71eab514e66df9dd383e79db2b0a78ea6fb8f95bb3a7925ccf5ce3d35df3e2f4954bb11d7573c2f1bbdb4110d95e20cef
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-