General
Target: a5fcf03fb1f1c7bbae2a4e0a04d958f7fd12b69b4fc7372dd936fce6746a883a
Size: 398KB
Sample: 220521-aae6jahhd4
MD5: 719c9fb21eb5a74f7a72fad54968db78
SHA1: 4104d4d69ba9e6a5bbdca34f4ec9a3f945e43b4f
SHA256: a5fcf03fb1f1c7bbae2a4e0a04d958f7fd12b69b4fc7372dd936fce6746a883a
SHA512: e1e8c6ba06adb2756d3c76b9cb730ebf082abdac26aa5cae2dd8c74031a15a0cc5d06cbae7766f2ebdcaa282fb8f515bb46270cfbbcc1dc6f43efd8dce6d965c
Static task: static1
Behavioral task: behavioral1
Sample: Consignment Documents.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Consignment Documents.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.lacore.ee
Port: 587
Username: [email protected]
Password: MBla354X
Targets
Target: Consignment Documents.exe
Size: 447KB
MD5: c875c56f83bb289f8fc8cc80364c0c89
SHA1: c357dd32701a9e07164b277e2224d841415c11ff
SHA256: 9241956eb6748031c6081171d747655373ffe236153dd901a663a3d24b9bf38c
SHA512: 21474d535909f928a7f5ee71f091bb0aa3d528c92fb45a2f5fdfaa2aa9e5bc54ca69132acd6323c65226514e65ff1c6c295e8db08af2991ff5569a7ec747f04b
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext