General
Target: fdcb2e7d7865516d3a42fd65e60e1c57e87aa1b0e6f4f0915a2250929cd2f24c
Size: 1.2MB
Sample: 220520-3ha6rsghe4
MD5: b10e050f1f76c08d7c42c8911452a7c2
SHA1: 4d3aa0ee30c3f49a7bec8d624b68f81f8075617f
SHA256: fdcb2e7d7865516d3a42fd65e60e1c57e87aa1b0e6f4f0915a2250929cd2f24c
SHA512: d5cae77c401dcbca586065a4ac781a3665dd252d74e3271d242249d0f1c76b25306f5b4f821956f3ffe847d4243ebbd2236140ca18cdd62aae85db394370a970
Static task: static1
Behavioral task: behavioral1
Sample: OC_1147_.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: OC_1147_.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.abr.rs
Port: 587
Username: [email protected]
Password: beograd55874
Targets
Target: OC_1147_.EXE
Size: 552KB
MD5: c86747454f9c24f1fa330b47ef865e47
SHA1: dd721210c7e184ba5627d89571539570d44afdde
SHA256: 9d1e2a8584f32720f3f504ab505d1eab3864248b043107382d431fc731eeb953
SHA512: 4d741c665d84a4eaf681591b69528584ce8c1c1eaea15d60c49c37e88f94f59493467f68506b946e2a832ac321e0eb76c00e227037346cdc697e90a57328f93c
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext