General
-
Target
6befcdf2818c8ec03dd132213e4fcc916b3826f8941f1f38d707a45b7a2599c5
-
Size
582KB
-
Sample
220521-any6kaaee5
-
MD5
53508173e74029c1654a2fc28d27af27
-
SHA1
92bd970756536cf028c898520545d26baf45ad64
-
SHA256
6befcdf2818c8ec03dd132213e4fcc916b3826f8941f1f38d707a45b7a2599c5
-
SHA512
97d5b03b4cc6808a2ff6fd1d5bd5c44a130f32dc641a30b646efda32274cbb25810c4add3aaba35c23579700507524fd9172e0b58e062040c841589e7201f8b6
Static task
static1
Behavioral task
behavioral1
Sample
BL draft FORM_xls.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
BL draft FORM_xls.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.moorefundz.com - Port:
587 - Username:
[email protected] - Password:
g7g2Ig?Aeh_+
Targets
-
-
Target
BL draft FORM_xls.exe
-
Size
762KB
-
MD5
99996216855c81d9cc40d112468cfc26
-
SHA1
76e36c04c6fc6fd81a35b777df3f7c24feae524a
-
SHA256
7b8df140852947533df21149c9bcb88be9cf040440dfb8f5eb7140171d67ce52
-
SHA512
82aec45d3f0545e5639a075991fcc303258c64baf9653b7d45554fc9ba88de8cb6f9b9b15cfc9c2308ec798457494429ec2fbf8cb17565b36940ecaa5bd28789
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-