General
-
Target
5f3ae1dc435ebdcc054f21afe4987b4db5b00e2ac8e9b89d9b447e60d9fbe553
-
Size
279KB
-
Sample
220521-arfhmadfal
-
MD5
778425310058efb130329d819b66f0fd
-
SHA1
a60e243500e6537170a4f0501f3029f12c8930bf
-
SHA256
5f3ae1dc435ebdcc054f21afe4987b4db5b00e2ac8e9b89d9b447e60d9fbe553
-
SHA512
44d2f71081abb689336b00b6e9129241640c6ed4c17b4358e799b089eed8973cfea5b81029d2966e257092d5c71789bfac4522538d647746a8a82f850cefb96d
Static task
static1
Behavioral task
behavioral1
Sample
AWB#5421457894.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
AWB#5421457894.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
[email protected] - Password:
babakings32
Targets
-
-
Target
AWB#5421457894.exe
-
Size
676KB
-
MD5
fb20529923ea7480ca21d00fce76c327
-
SHA1
46dada6d2eda24b9d9baa954dcad8860a8848126
-
SHA256
c01176f8ccb757f80cb32c809cfe0ceec9e100b199d4beec5f92adb824517869
-
SHA512
be795350060e13318700330966fc710d954fb58be47b2654ceb8a19cce251ac539e3d6e6549a4e25835f2e43c33b62cfefbcda6ddbadff6a337d571c744096ed
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-