General
Target: f0006fd49e0257418ac267fb66d2cd7212e63ab146a187f9ce98c99eed7cb3e8
Size: 752KB
Sample: 220520-2s9awabaan
MD5: 9c058c43ae5c96bd6c88589e9e6e7b2b
SHA1: 18326ddec5754237b79fdc2d9e6ba449d82396a2
SHA256: f0006fd49e0257418ac267fb66d2cd7212e63ab146a187f9ce98c99eed7cb3e8
SHA512: 80592f769aba8ecfaea32300fba1590ae3cfa794a0713682c9d7de5d12bebc1edc3bd357b42bcb6a3c7dbdd69a91cbfc64537ff13ef9426141a69a4b65112e59
Static task: static1
Behavioral task: behavioral1
Sample: f0006fd49e0257418ac267fb66d2cd7212e63ab146a187f9ce98c99eed7cb3e8.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: f0006fd49e0257418ac267fb66d2cd7212e63ab146a187f9ce98c99eed7cb3e8.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.albaniandailynews.com
Port: 587
Username: [email protected]
Password: 125875.jUkT
Targets
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-