General
- Target: e9928501e21d7ecb4ee7fa3a531ec417b8507b797ae3e8749e1096d896fe5f24
- Size: 414KB
- Sample: 220520-3bgd7sgeg9
- MD5: 20735c1a56fe8537ac559ac2f1a8141b
- SHA1: 449dfaf80b97c60d30d8b5faa3946c4f5fec55e7
- SHA256: e9928501e21d7ecb4ee7fa3a531ec417b8507b797ae3e8749e1096d896fe5f24
- SHA512: 3d4cb2984db3a4c68b21370b1da9a83a0521f1703dcae5959c0351025009b806b52672dd2792deab70af2d3d4c12031aa0c28e5096c96c407f8561b300b510a2
Static task: static1
Behavioral task: behavioral1
- Sample: PeLCNZPEgPIg58v.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: PeLCNZPEgPIg58v.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: [email protected]
- Password: Z_}48ylhGkl_
Targets
- Target: PeLCNZPEgPIg58v.exe
- Size: 479KB
- MD5: 4a1f29fda4f5d00f9e13f0c814d7cf44
- SHA1: b7b311f9547e33f4c8310a5250354aea1bab48f7
- SHA256: 2666a1e156a82dc6537a5bc8c9393d90fb21c12d721fb10eeb8d9bfe0ffe6a18
- SHA512: 5e4b5642e4381f066bd46b01c3b6130ab5a5193f80aba20f2b9c3f6c9efabaa7c69244434e3d180df6de859c1eec72a6fa8b4c6d7903f0f0536e13cc417bfc70
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application