General
Target: 62d22d5c7e9397486f8747634c5b24de352df7d5b35ea403db5a32610a5b4b63
Size: 729KB
Sample: 220520-2m1rjsafgr
MD5: b21b9e894e6c6c13c381711a34bc8dff
SHA1: 87d51ae2ee31e94d98472856741920479ef1bfac
SHA256: 62d22d5c7e9397486f8747634c5b24de352df7d5b35ea403db5a32610a5b4b63
SHA512: 8d35ad5a556317cf3804b79dfa7c1ae06a548bb78735f940079fff27b79f7a99fc9fab7e394c92d3bf2fcdd96fae8ce2b3968887fe913f3bb111ca2b8e2a11a0
Static task
static1
Behavioral task
behavioral1
Sample
62d22d5c7e9397486f8747634c5b24de352df7d5b35ea403db5a32610a5b4b63.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
62d22d5c7e9397486f8747634c5b24de352df7d5b35ea403db5a32610a5b4b63.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.bro-world.com
Port: 587
Username: [email protected]
Password: $Tan5DN2h-0
Targets
Target: 62d22d5c7e9397486f8747634c5b24de352df7d5b35ea403db5a32610a5b4b63
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext