General

Target: a9f274b0b3283ecccdb07bb89bfe1af9ead7d8d766b89e5f05122c78c21173e7
Size: 900KB
Sample: 220521-amck6sddck
MD5: a478a037c8f7c793d33d1e0c98b872a8
SHA1: 4c650cdd020027dd7384104343a70bd5c16e88dd
SHA256: a9f274b0b3283ecccdb07bb89bfe1af9ead7d8d766b89e5f05122c78c21173e7
SHA512: ed81a9b6789ea9da207a5a1e27a1c7d789ec7b82cdfe1a4454577f29f5b7350ec6592b02bd224240ead0d5d7dd686c2da3e8d463eff8c310f53b6c9dbb7eb105
Static task: static1

Behavioral task: behavioral1
Sample: a9f274b0b3283ecccdb07bb89bfe1af9ead7d8d766b89e5f05122c78c21173e7.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: a9f274b0b3283ecccdb07bb89bfe1af9ead7d8d766b89e5f05122c78c21173e7.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted
Protocol: smtp
Host: bh-58.webhostbox.net
Port: 587
Username: [email protected]
Password: 7213575aceACE@#$

Extracted: agenttesla
Protocol: smtp
Host: bh-58.webhostbox.net
Port: 587
Username: [email protected]
Password: 7213575aceACE@#$
Targets

Target: a9f274b0b3283ecccdb07bb89bfe1af9ead7d8d766b89e5f05122c78c21173e7
Size: 900KB
MD5: a478a037c8f7c793d33d1e0c98b872a8
SHA1: 4c650cdd020027dd7384104343a70bd5c16e88dd
SHA256: a9f274b0b3283ecccdb07bb89bfe1af9ead7d8d766b89e5f05122c78c21173e7
SHA512: ed81a9b6789ea9da207a5a1e27a1c7d789ec7b82cdfe1a4454577f29f5b7350ec6592b02bd224240ead0d5d7dd686c2da3e8d463eff8c310f53b6c9dbb7eb105
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext