General
-
Target
d4f3a23de152daf177db359ed1fbce53304433db0dab64d24febfb6cf9a3be71
-
Size
633KB
-
Sample
220520-3q1rdshdb4
-
MD5
eba450d4a6bdb112331f46d1fe90dd38
-
SHA1
12b21f629da9edb33789199b723569ceaa9994de
-
SHA256
d4f3a23de152daf177db359ed1fbce53304433db0dab64d24febfb6cf9a3be71
-
SHA512
2bdb6b24e6ca8f2448e2a39a45149f0e737f8c4390f760b537677c481d5a8ccf42df8053ce679473d46a227681a70815afd11ad52444d0587cf35e517934db9a
Static task
static1
Behavioral task
behavioral1
Sample
urRoho98uAFcMyA.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
urRoho98uAFcMyA.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.avastragroup.com
Port: 587
Username: [email protected]
Password: *vVABUb9
Targets
-
-
Target
urRoho98uAFcMyA.exe
-
Size
869KB
-
MD5
7300bcb49317a89d673ad030f5b94a64
-
SHA1
b508bd5821133a2d6e08ae55e4e6822e79746b27
-
SHA256
ec766638dbd645faad5115dab7ff18b9e2afb5f4a0da724ac945ae3e50815b06
-
SHA512
b2f2c51fdcaafb049c005b7fd5ed2bd0eb40564668933931eb64d603c92fc108441396790aa039a9cfca01114e3c1ea0374e417cdc23ebe4fcdcc6b1f132ba13
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-