General
-
Target
9070fceadad5f30b14823568d3b87a1526688c0db092aa0d9c6ac43bd7f04fe3
-
Size
414KB
-
Sample
220521-ae7rcadacp
-
MD5
9f61d7dce9a70ffff6ae6899c153e6c8
-
SHA1
c12581b613487e0c5dfe272bead8fce5003cbca3
-
SHA256
9070fceadad5f30b14823568d3b87a1526688c0db092aa0d9c6ac43bd7f04fe3
-
SHA512
01d96f4e3fade915530c168fa24733a7e3e8a2ee6087f5b32343d18240261b3604863272eab270bef75071e75aac13be2f39d5980d81194b0590123a93cc779d
Static task
static1
Behavioral task
behavioral1
Sample
Galaxy Ace.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Galaxy Ace.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.foodanddesign-lb.com
Port: 587
Username: [email protected]
Password: yarze@2018
Targets
-
-
Target
Galaxy Ace.exe
-
Size
741KB
-
MD5
b7607aabcd101fa943ede800f7c20d34
-
SHA1
77b0a5ebe742c83858fa2e147c6b7feeb218551c
-
SHA256
fa8867e0f92f5f0bf3fee15c02e4d4513d6b79928a12f73d7cc98abe382ba182
-
SHA512
a153d2e57666444371e9f1cb06cea5c34cd36d9bf40738846bbdf071625870aab4d0b6f4ac07b92877d6df9bee34a7166df617a811d60e32b356beddd51113b8
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-