General
-
Target
f0a677cd3e128b13539ab1af458811affe9a06d8057330abf31bf51eed3e10f0
-
Size
696KB
-
Sample
220520-3k54xscaar
-
MD5
d2415464ea8672ba95a0d77dfb249660
-
SHA1
72ea9f26c1b7362a9e5db6244697c95514ca850a
-
SHA256
f0a677cd3e128b13539ab1af458811affe9a06d8057330abf31bf51eed3e10f0
-
SHA512
8cd6eff9946d3b0d461df05da23e720135db21472a9a9d9abb5d56d517494040b9c9e79e91e6f41fe7e988e19d0bed7d5be4b431bf0907602c01bb08fe9f982d
Static task
static1
Behavioral task
behavioral1
Sample
30% Swift Scan0076567865.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
30% Swift Scan0076567865.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.pharco--corp.com
Port: 587
Username: [email protected]
Password: (UxyAlp7
Targets
-
Target
30% Swift Scan0076567865.exe
-
Size
881KB
-
MD5
18d072ed64a848f29404519c3969ac2f
-
SHA1
e72a33598531541392e5059a72c18e6e2481f9e2
-
SHA256
9c7b103e3aaa595ae90af29253f1c0c7062dba34fd4b97070644105b025a3488
-
SHA512
5f6047f683570ca81fe854da8a3b0fc778a20b06f9d9f7acd65b219278eb050663f181844a26e0e70a64c6942b2c58e900cc0562c60e5266c0ddddf373fa8fcb
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext