General
-
Target
2e5247cb876de7d41c8cd2d350aa6512aeb1f93da5fdb368075d5cc97accfbd2
-
Size
1.3MB
-
Sample
220520-2zth1agce3
-
MD5
f7b01ebf3d1852568404cfe4cb7263c2
-
SHA1
4a682c469015e4ffb3c6033371b3b80dc63ae2e9
-
SHA256
2e5247cb876de7d41c8cd2d350aa6512aeb1f93da5fdb368075d5cc97accfbd2
-
SHA512
487ae7fbdc1c064b5f917a90d5169798c677f5993b0772a951cad3ddeff9dd705358c6c5b8907319a4652f796f9eb3b020ee3888b319ebcafff7b3743445ca58
Static task
static1
Behavioral task
behavioral1
Sample
order for August .scr
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
order for August .scr
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: Doggy@#$234
Targets
-
Target
order for August .SCR
-
Size
1.7MB
-
MD5
a3732c7e285f3c9f310ba3aa0c80b324
-
SHA1
fb2c4beef9c57c54519a238870bb6cea0fd7f05e
-
SHA256
1fe24761cfcb48d6d3a4f1ad9d02c2429c7f567fda2bda78f5d12c89717c6285
-
SHA512
de1049c97658a7ec1d37bfe7e6cd39ef04df75b13cb5e7381413c4e9cc95757b2d62a191c020ac3c599a5c77ae22696b20b72ea13fc70fe2283fae849812dc2a
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-