General
- Target: d569c0cfd280490ff1d726b75bca9e64be8352671e8aaf41b26e583c82690cfd
- Size: 496KB
- Sample: 220521-b1nq2acgg2
- MD5: 660d4781735cf333d08824d98efa279d
- SHA1: c61f3476128cd2c8ff50b5851e66c42ad714843f
- SHA256: d569c0cfd280490ff1d726b75bca9e64be8352671e8aaf41b26e583c82690cfd
- SHA512: 21e01a4fbf3ac8ceba8e246f2a3adbb7eed59eb43f5cc419e96f6fb38b5c937b09da4f35742da934b2908100b07377caef7784a7ff76a33889d8246e94831677
Static task
- static1

Behavioral task
- behavioral1
  - Sample: d569c0cfd280490ff1d726b75bca9e64be8352671e8aaf41b26e583c82690cfd.exe
  - Resource: win7-20220414-en

Behavioral task
- behavioral2
  - Sample: d569c0cfd280490ff1d726b75bca9e64be8352671e8aaf41b26e583c82690cfd.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
- agenttesla
  - Protocol: smtp
  - Host: mail.kteadubai.com
  - Port: 587
  - Username: [email protected]
  - Password: bt3tw9wqh#B
Targets
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext