General
- Target: 11464406915eec077965dd4d47c329c3cd04afb3d481f1e65766f9b60e030c47
- Size: 496KB
- Sample: 220520-2nqb7sagbm
- MD5: 986ecddda7eb06cea968cef511208543
- SHA1: 0eb8b663786525322bae9202743a72f3f216679f
- SHA256: 11464406915eec077965dd4d47c329c3cd04afb3d481f1e65766f9b60e030c47
- SHA512: d60b89f3f25e5b63cad2d6bbdc4423cc77a5bc68457b13804a6840774d954a44ba1a81fec08870c1761b660a94a4a9f3026e65d7d8cb4400234d1606555e169c
Static task: static1
Behavioral task: behavioral1
- Sample: P160999.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: P160999.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.epaindemgroup.com
- Port: 587
- Username: [email protected]
- Password: }bf9e+EW5s$k
Targets
- Target: P160999.exe
- Size: 626KB
- MD5: fd59f29a613cf82bf56b03b066c49a36
- SHA1: 7c5310054b246c6a7fd6d3a602201b5d19ffb8bb
- SHA256: fda323de5210f1ec46ee237d0e58558d78d34474ea282bf5dd1ca448c5ad369b
- SHA512: c13b85ce5d7d0cab137e41197ba9ea29ff60193f1cc7c3b62451085c80caf97158328f5ec2a54eddd1a51c180d1dec709a43e2cbe8658c136cf2e26fd2d21b24
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext