General
Target: 5402a3f130e9579fdbf12e5ec23522d7cd483011952b8482d0d41940e56e5fb3
Size: 824KB
Sample: 220520-3d63msbffl
MD5: 7f83ead19050d315dda52c550d7247ec
SHA1: 06166fc9fc5c792198b6d07f637f75fc0265d8ca
SHA256: 5402a3f130e9579fdbf12e5ec23522d7cd483011952b8482d0d41940e56e5fb3
SHA512: d2977c40418e3796a284585aad6446a8ac2112beda0b7ab74e48c1ede540e582027a70f34c31ea6cfb8e33ba7ca3a94afa23fe645a9502e2bc50f05af43f12cb
Static task: static1
Behavioral task: behavioral1
  Sample: 5402a3f130e9579fdbf12e5ec23522d7cd483011952b8482d0d41940e56e5fb3.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 5402a3f130e9579fdbf12e5ec23522d7cd483011952b8482d0d41940e56e5fb3.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.ariahotel.md
  Port: 587
  Username: [email protected]
  Password: ariahotel9997
Targets
Target: 5402a3f130e9579fdbf12e5ec23522d7cd483011952b8482d0d41940e56e5fb3
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext