General
-
Target
d0ee4eab4ae28305990de7a4ddc7f5a7c387ff4aef1a2e12285bcf3c1c643cea
-
Size
369KB
-
Sample
220520-3samzshdg3
-
MD5
91b3ddd543abf20c49e0a7bc9bbd7bf8
-
SHA1
1ac12c67f7096156c768b283966756d0fb3bfe22
-
SHA256
d0ee4eab4ae28305990de7a4ddc7f5a7c387ff4aef1a2e12285bcf3c1c643cea
-
SHA512
e996ba33abc310e542a6aa30f337e0f0c4ec656c4e5ab248e5fc64bb2eb22f54862d5bbab360abd8f811c9cff3ea3ec65112fb125143177dcce0758298ccc10f
Static task
static1
Behavioral task
behavioral1
Sample
nº 2020-03467009362.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
nº 2020-03467009362.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.gascuenca.es
Port: 587
Username: [email protected]
Password: gasW204@Z7
Targets
-
-
Target
nº 2020-03467009362.exe
-
Size
469KB
-
MD5
fffcfe8fc8c6e84bffe9de7211688042
-
SHA1
1a6b3fc8e241392b91118861aee8593e1fba93b8
-
SHA256
dd3efa049dae52bc00e22077a25ab03ec800ca061db672881073225ca390a791
-
SHA512
f9c6bfa69655a42f5cb36e9f8808232117065a3eb60df91233460b7a32fea00947df81f6fefe2f8d05d0c93a67078d0a4b28e9113186e0862c34a3c842b3f095
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-