General
Target: 8733e02341d126bf64636124cc25d0b7c699ad8080856bc1af843a4f6ae10f38
Size: 398KB
Sample: 220520-2xgresgbe2
MD5: 0750ecc43773ac1131a7dc08f0d23b9d
SHA1: 638539ce779b154f3722765d2682aca2497b1303
SHA256: 8733e02341d126bf64636124cc25d0b7c699ad8080856bc1af843a4f6ae10f38
SHA512: c2c2964baa4ca78109d84419ec97e1df07bf9a9331c701b88dbd4bdd8b0338e8ed666a543162205e5e2fb52abccb25abb08a5bed676d09c7e5afdf9d02099835
Static task: static1
Behavioral task: behavioral1
Sample: #440620.docx.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: #440620.docx.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: twire.icu
Port: 587
Username: [email protected]
Password: Amarachi@#$
Targets
Target: #440620.docx.exe
Size: 438KB
MD5: e0de74a59868bde87235e8a21f6b4adb
SHA1: a35f3a9a87d46a1dc545d3e2115fed7c3bb2dca5
SHA256: 12d4c982f6bdeaa94f72fff498674f68349a3bead97291d9a52ea39064228854
SHA512: 44a972902cec133e4c9634c321d31b9cf99d7a10311ef7fecd5f19d7237c5762a08cf2007a785870de1fa5c562411b4b178365b9d0f799b763232dbc1db7e9ab
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext