General
Target: 629f005ea8d475f7c344ba501dee43cce60a34a19e61c5d2609db19131a18526
Size: 596KB
Sample: 220521-aqql7safc5
MD5: 6f411c6c3e90df8da88f06fce9235413
SHA1: bb22ab25196cc340da5bec82c68995e4bae427c6
SHA256: 629f005ea8d475f7c344ba501dee43cce60a34a19e61c5d2609db19131a18526
SHA512: f754cf1de133b6d8fc7c0190eec92ab3b183ef2b566590ea7f66212608b8d924af0b15665a86b65007f3905dbee8cdda7ce1009f8b66a269caa9c707f5e7e781
Static task: static1
Behavioral task: behavioral1
Sample: 34433453-WONDN5-FTBO-9766464.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 34433453-WONDN5-FTBO-9766464.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.ionos.es
Port: 587
Username: [email protected]
Password: 08140480968Ju@
Targets
Target: 34433453-WONDN5-FTBO-9766464.exe
Size: 776KB
MD5: 7cecd11b35bf3d543e5430d11faa8bde
SHA1: 267eeb1e36466bc3a5dbe6c699495543567077cc
SHA256: 2f94a22459281f588230523a1ec32e45ef392d1e202a3e70f0606f66a44ea982
SHA512: 711547f380283937192536906f9e2184655e9463a2bd33a577ffcefcbc1e66080f4fc47812dcfb66596a9a03962ba09a68ab0439e38657f48cb4b8f49062e8e6
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext