General
- Target: 386c4326071c1acde4250d879faf8b465669ea204dcc9b0716969624db277935
- Size: 469KB
- Sample: 220521-az7l3seafm
- MD5: eabb4c31a1a98fedb8a24b9eee7863b1
- SHA1: 32ca438eb32c87fbe62ecdb3d16036d6ab7268aa
- SHA256: 386c4326071c1acde4250d879faf8b465669ea204dcc9b0716969624db277935
- SHA512: ca35fa81920c4373309f210200232ca7c5cc7bf435ffc8418895fcc76bd3e157ae8926f6ed7df8b0f719129b4e1e20c6cfd844fc23df3f9eb71f8c385b0adaef
Static task: static1
Behavioral task: behavioral1 - Sample: b2fK6CUY7ZOdPkM.exe - Resource: win7-20220414-en
Behavioral task: behavioral2 - Sample: b2fK6CUY7ZOdPkM.exe - Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp - Host: mail.sardaplywood.com - Port: 587 - Username: [email protected] - Password: je12vi345
Extracted
Protocol: smtp - Host: mail.sardaplywood.com - Port: 587 - Username: [email protected] - Password: je12vi345
Targets
- Target: b2fK6CUY7ZOdPkM.exe
- Size: 667KB
- MD5: 6d2b65710b2167d358d36f4304d5c9e7
- SHA1: bd68ff6f8c8213bc968295c8565247039a829841
- SHA256: 59842fc6ee45de0381e917668856445fffcdfd3c6f42c8c229673ff33ff61f99
- SHA512: dd2a05d48315711aa76340b3693fa37917536b0efc7686655d2a9e526e50310a1eef716b22eee60a1a3c77641812d8a3a400f07774bc3046389c471f2e523839
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext