General
-
Target
452465e6ae5ed95bac8429eb7517fd5591c872932a352f33932dec36308e7b51
-
Size
862KB
-
Sample
220521-b17txafhek
-
MD5
563a054d977f8ee963aa0eb4c5b065dc
-
SHA1
19bf467927d04c12e13f6a5a9aad03efcd1a4172
-
SHA256
452465e6ae5ed95bac8429eb7517fd5591c872932a352f33932dec36308e7b51
-
SHA512
31bcb93df227536c45742d26c69b103dc17cde280c349ebc65cd9af252acec732b76fa6739520f975cdbe47f8aa72785239902bffa16dcbf93c0791e686868f3
Static task
static1
Behavioral task
behavioral1
Sample
bestelling0617_img.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
bestelling0617_img.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
bestelling0617_img.exe
-
Size
801KB
-
MD5
90cc17cfab3f7a33b6e75bc6d95af453
-
SHA1
2db5b5fe345cdc5b508880c1559706640c83009a
-
SHA256
c05f2597d7eefa874b49a615c112274a2d19e2149a420194aa428be36695268e
-
SHA512
746728a647cf3c4e8119158c753b5e4b18c53e14c562c06583872657078f25cf5b4323c08a6a1a00edb0bdca3e3db6b2cbb9bdc8e6272fb0c7960ed8602e2484
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-