General
- Target: 8c8ff96bd74a2c98b5e54cb467e01ba161c174e22a64da7a1301305c926fe463
- Size: 212KB
- Sample: 220521-af1pesdaer
- MD5: 51ed2094895a9d59ab0ee754da581e93
- SHA1: 4804ba235addc7e1e9be991c9f2f09983dd96d3c
- SHA256: 8c8ff96bd74a2c98b5e54cb467e01ba161c174e22a64da7a1301305c926fe463
- SHA512: c49632956ff17e01c6be811c45c11f30668d43d029396d669ca16e780115b0b2ce026e3026a88234490fb9452126f4ee472f07d9c87c51161cd16fede1597888
Static task: static1
Behavioral task: behavioral1
- Sample: TT.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: TT.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.qualitypulse.sg
- Port: 587
- Username: [email protected]
- Password: 10EWR0203486364
Targets
- Target: TT.exe
- Size: 392KB
- MD5: 12c6c1f0e5fb3368ab6554107edd565a
- SHA1: 73c727ccc4a8fc0309f42a1aa85a63ad33298577
- SHA256: 229e18e155787dc908a3a479c9c07b06fa40a17cc56a80bae93d7a2694ff8af7
- SHA512: 1c0c02234507af9607e1772f996bbe57d818c1d5a2a402b6bb1e9a60825b7c4382a88d00d3ba330ec667e3077d82fe9031bc63fe3078a03e21f9f13b44b73347
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext