General
Target: 0e7dc624230ed953cb2f6326883292e89e8157e0286f6928bc2b65b991a17919
Size: 349KB
Sample: 220521-b6sbeagbej
MD5: 46e1a696a7a038e547773f176ec46985
SHA1: 11c5e51624e94f3cd6b4c98ee3896248b7587cfa
SHA256: 0e7dc624230ed953cb2f6326883292e89e8157e0286f6928bc2b65b991a17919
SHA512: 94770b6b6ef2620f09095ca688b14b0530e9651d797eef9d531107e0b273ed0152a34a67e9f29d2bcc4788ff23d63bd78155bb18c30ef0d3c3ae92bcaaf3ca94
Static task: static1
Behavioral task: behavioral1
Sample: 23RF-6292020 (2).exe
Resource: win7-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.rajapindah.com
Port: 587
Username: [email protected]
Password: #r4j#citeureup#13
Targets
Target: 23RF-6292020 (2).exe
Size: 404KB
MD5: 1d0c89e5eda4b9ec0262235d7cab44bc
SHA1: 31b5017599bcdd9e98aeb42abe6e736d08924eb9
SHA256: 09e3903ce69ce7833be44661f3c02fdee3304b78afcb1314344f7e8c9588e4a7
SHA512: 6ce5dc1028daeec162b825ee8ca09713617d702b439e4c620f79e7d621c00df66ed505c203ae038f909f1dc76a6033e19bfd6bc500f0ab3839806ab5f2faed45
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext