General
Target: 88186de5b370f64ce578e59c6201e056cbf75379b9b7a1f3f41180027de63078
Size: 490KB
Sample: 220520-2xft5agbd9
MD5: 0bdd4575e24cda281657e929fce3203e
SHA1: eabfa2fd113a01dc1c594d8d5e229d6134313e77
SHA256: 88186de5b370f64ce578e59c6201e056cbf75379b9b7a1f3f41180027de63078
SHA512: bb49c8143c33b713949d98e0b45dcec55b4acf1743a6a3884a84d7f999c39346f70b72f48bbb39cdba177fd8184b067450fadc683b85712da7323bdff07f26c9
Static task: static1
Behavioral task: behavioral1
  Sample: 20-06-17 Ekspla Qut..ISO.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 20-06-17 Ekspla Qut..ISO.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: hitmanorigin.cf
  Port: 587
  Username: [email protected]
  Password: Spoofyou2015$
Targets
Target: 20-06-17 Ekspla Qut..ISO.exe
Size: 428KB
MD5: 154a61c11f57ea053e033c44070a7075
SHA1: e8eca87156a5e78df5202151749dc89b928a01dc
SHA256: c6df18e549ea063da5203d4ea4f461441babd09131e227e2e638748127916564
SHA512: 989ac79b9c39e24a3992a7b85ff6ee428cd196d9ae14e8dcd49cf9ebeced1e7f065cec81be84b93b3af11ed7b8089680b867ac2f876e0f9bb89ca4bac15def2c
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext