General
-
Target
eff449fa76b6bd8f7e48ea58c174e513c74d1fcc0ac343f1f5985a6dda8e909b
-
Size
507KB
-
Sample
220520-3k9gcacabq
-
MD5
744f30e19894101f9ba37ef06b977154
-
SHA1
0d06eb12162f79724be4b9a911f1ea51dd964951
-
SHA256
eff449fa76b6bd8f7e48ea58c174e513c74d1fcc0ac343f1f5985a6dda8e909b
-
SHA512
738f07a2f00a6754ceb0dd22c38656ecf08b709a57431cf7331261985f1f6926901c4d3b32ef5c5b7b8c623a0539f5a03fac4fb576d466fcae22cdee5a8efb47
Static task
static1
Behavioral task
behavioral1
Sample
SKM_C34EHXNCH76677.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
SKM_C34EHXNCH76677.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: 71c7eb1f8ba
Targets
-
-
Target
SKM_C34EHXNCH76677.exe
-
Size
646KB
-
MD5
1fccc95ce93f5524a2fb0dd94c04681f
-
SHA1
a7bc7aa1811bc320ef74d40ee3c87f5f6535edca
-
SHA256
ff0b9f708db639f183300851e7cd0eae087884007a1d9855659cf900f11cb780
-
SHA512
f6e9f52b83228c73d563fed8c13449605c9042da43b8ba46320acf74f460f0a98b991bbd255e5bbbd5ffd0483a780d4ad25c81db316da75a3adde42c1099c097
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-