General
Target: 940777cef4027afe79ff975bb611d61ce7b3e430ec03d4ea74c628ea66501590
Size: 339KB
Sample: 220521-aencpsabb7
MD5: a4ce1e2cc56964fc1ef369b346db66ca
SHA1: 5a73e802ae6a0378603873a0e3633d6315d9d292
SHA256: 940777cef4027afe79ff975bb611d61ce7b3e430ec03d4ea74c628ea66501590
SHA512: 11de5bb5e59ddbce914dda8a23995e17517bd0f81b32e2f2bad7d29b662fe3a31abbacf1ace2e3a3c6fb79f37d8ea4454a555d8b6fe3a80135e67c47f5ce0ac0
Static task: static1
Behavioral task: behavioral1
Sample: FPL-20192070152.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: FPL-20192070152.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: success21
Targets
Target: FPL-20192070152.exe
Size: 532KB
MD5: e52075c25d5bb78f3629a58c3f9af914
SHA1: db9ee409f31e6ea93d92226f8bbf962c4e723060
SHA256: 0c5832229b161853d9e772e14bdd0d18e630bcb3d79d4413a15184d199650c3f
SHA512: ae8dbf8a97c25524f861d286ea99a8c6a44556cb3519ef8ff8130ebfb9ab15de9f9250f97fe44a4299995009c82b009591cbfb277cee989ace198c3434f99e85
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext