General
Target: 5f3e0b955a3680e22ead8dedddb983423d908c17e93b0ed5cc2c81be1d5fa2cf
Size: 501KB
Sample: 220521-arelbsdfaj
MD5: dd01195c2b884cce810d652573730410
SHA1: 3560d3ead17492ad5ef0652d37da520c43cc2fff
SHA256: 5f3e0b955a3680e22ead8dedddb983423d908c17e93b0ed5cc2c81be1d5fa2cf
SHA512: 1d6be75f3ede0d5cdc91cb17bca15130a83e30a21f754b7e2f15fad4e2cc7e1fa4c9314b80b2a4f4eb0c85bc0f315f4fcad352bf15cc6b5b13111430c8d04b36
Static task: static1
Behavioral task: behavioral1
Sample: 返回提示_ 28072020 _ [REF0000360261].exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 返回提示_ 28072020 _ [REF0000360261].exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.dachanq.cc
Port: 587
Username: [email protected]
Password: MKNXoqR2
Targets
Target: 返回提示_ 28072020 _ [REF0000360261].exe
Size: 865KB
MD5: c8deca22ffcce8d8e91978fe284304d7
SHA1: 535251259839619cbfc57ad5b36ce4690492ecc8
SHA256: 1fafadae2db218051fb1b353ac4682f0b5fc71e757c3fe094315a7127e94a091
SHA512: 9c4755884148a336871b5c9819ff2bcf662c61ddd2d17c6c86f937bde11e7a993227b52cb79f3c3ba0f628bdbd6a248b1725f3fe088f2e4a968b37b119f27fde
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext