General
Target: fa963327c91d9d8fb99fb2afae8bf10a36c799e42a52e0f2aae0cf3065ed3e82
Size: 678KB
Sample: 220520-2tl7qsbabm
MD5: 2c1332afd14c784bd8dc0839b14dbc9e
SHA1: 4cd4211cbce3b878076e9563c68c4d3678ee93be
SHA256: fa963327c91d9d8fb99fb2afae8bf10a36c799e42a52e0f2aae0cf3065ed3e82
SHA512: d67ee44898dd6902faebf43b484fda86d07a2a441eaf7ec546c18117e88d0134bd312b7f68cfe5ceb5bf5038410eb85c3c65191065097d37801cb03537edd025
Static task: static1
Behavioral task: behavioral1
Sample: fa963327c91d9d8fb99fb2afae8bf10a36c799e42a52e0f2aae0cf3065ed3e82.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: fa963327c91d9d8fb99fb2afae8bf10a36c799e42a52e0f2aae0cf3065ed3e82.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.ariahotel.md
Port: 587
Username: [email protected]
Password: ariahotel9997
Targets
Target: fa963327c91d9d8fb99fb2afae8bf10a36c799e42a52e0f2aae0cf3065ed3e82
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext