General
- Target: 5286abbdb535d1ef9258f1003f8755072d700ba9874d29d4b07954aeca3d7f56
- Size: 433KB
- Sample: 220520-3ayl4abecm
- MD5: 6a50f773559f3b0bac4fbb2ed34e5a17
- SHA1: 7bbb10502ab88191ad76f1a1c2f46dc53bea69d4
- SHA256: 5286abbdb535d1ef9258f1003f8755072d700ba9874d29d4b07954aeca3d7f56
- SHA512: 92408510c1f819cc9045d01ea13590b16313252711dd1d1e70762899bc89609c303cd69ce32bec816fc639e832dda9bb9fb7e43cff40a0401967018aa3abf943
Static task
- static1
Behavioral task
- behavioral1
  - Sample: HUJUoHNDvfZTiEM.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: HUJUoHNDvfZTiEM.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
- agenttesla
  - Protocol: smtp
  - Host: smtp.lettu.us
  - Port: 587
  - Username: [email protected]
  - Password: western2020@
Targets
- Target: HUJUoHNDvfZTiEM.exe
- Size: 490KB
- MD5: f93a5756dce9c41e690029529f0dd25c
- SHA1: ccb444a4628fd2035aa38ff8a50727f4c0a67ffb
- SHA256: 7e393bcd518415ad70e7a6924c8798391400554fce9c2a639a891dcda4f8e230
- SHA512: 7ad1ca297782ce423311d11cb1f2932a7edb64a0364be54558e881073d3095a0b6993dcaabb01e34e18a89a2a134e3887dfac6beeb880f6463520d65b635e42c
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Drops file in System32 directory
- Suspicious use of SetThreadContext