General
Target: a8717d6a5cb70ed3abca64e8528687ff23580f2cac4c35b4e4983fa7d417e7f3
Size: 1.2MB
Sample: 220520-31399shhc4
MD5: 3d910741e5f3d49860d64cdea7e11c58
SHA1: ff1891a0e9449bf0416903f77ad8468fd650014d
SHA256: a8717d6a5cb70ed3abca64e8528687ff23580f2cac4c35b4e4983fa7d417e7f3
SHA512: cf8600dba9b8966e0cf299db2f318c60d791018a9ea6b2fee08541aee1cd173c4af69b7632cbc6c8c75b35a3947c936221ad45e9a7cfea757c5677583470ad95
Static task: static1
Behavioral task: behavioral1
Sample: BID70002.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: BID70002.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.mehatinfo.com
Port: 587
Username: [email protected]
Password: X6b{Z0&~hQ@Y
Targets
Target: BID70002.EXE
Size: 718KB
MD5: 7cab4fe81fa7a3bb91bbdb1b94254478
SHA1: a5e77555b8728cb32efdc69d381ddf789e799df8
SHA256: 767d213b2083d5ba0cfb4e4d281fcce7d2233345ec7932e2d89cf303fd51b10e
SHA512: 858c0945f3d4f51b160cdb5c3c6517238eb3de34c4742e98e09f942538c95f221c133f0f313642b08cb56f3eec419a57a317a872a7f49d1a9d8922b61511c27b
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext