General
Target: 618e5a645e7860f6eb3c64e205f94d7b31e5108f1bba32f512b4bd765b7bd66f
Size: 504KB
Sample: 220521-aqz6msafd7
MD5: 1d60c44d6a3fc33552a6ac3cfcc17a78
SHA1: 0070fce2fd6e1cb9d2f8e546ef391be9765cbf47
SHA256: 618e5a645e7860f6eb3c64e205f94d7b31e5108f1bba32f512b4bd765b7bd66f
SHA512: 3eaa555bb9a27af3964bfda71210a873b6a7528542176fd0d6f5f971cd47f826d6275f038e5a327da5c5b983eabf4852a0bc908de2f0b6eb55a0c7a0ca9a6235
Static task: static1
Behavioral task: behavioral1
  Sample: CvLcJcAjI2qE7PC.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: CvLcJcAjI2qE7PC.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.sardaplywood.com
Port: 587
Username: [email protected]
Password: sup123st45
Targets
Target: CvLcJcAjI2qE7PC.exe
Size: 759KB
MD5: f53e16683cf99b5f4fea1a92663649b8
SHA1: 40a48b027e0285be2d7f3ec13972d2a43b789275
SHA256: d46f5dde6c8522b2720eb3f72e3a78853fed2683844610e8fe7b774629b0a33a
SHA512: 04d997dd7ec311e8237656388882f6f005f85a57adba3a98101de08e57421cd0deee1761d845868800dc455e4ce1f2a9626ef05acf90f5d8a653ec8eae960f52
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext