General
Target: 61a7b6c8314f4a210e6388901c64c935bbf21705ad17c9e8c3cc9a2e49f17241
Size: 422KB
Sample: 220521-ba3r9sbfb7
MD5: bd3b5f9f6c62b8066b5c40a1ea7dbe29
SHA1: 2d79776d7a898fdc0c3fff50dc93388b4aeebbfb
SHA256: 61a7b6c8314f4a210e6388901c64c935bbf21705ad17c9e8c3cc9a2e49f17241
SHA512: fcf0937af732c56a1411712669cae3abd7a9247d408d5fddf4e8ad4c0fde4291fea394acc1955d28523c51f0ea61fbfd228df31911c689e158dca181f1ef71bd
Static task: static1
Behavioral task: behavioral1
  Sample: KJXoKsX3xQ3R5Lc.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: KJXoKsX3xQ3R5Lc.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.sardaplywood.com
  Port: 587
  Username: [email protected]
  Password: sup123st45
Targets
Target: KJXoKsX3xQ3R5Lc.exe
Size: 492KB
MD5: f5444a820d7766ff40f6ef897523dff7
SHA1: dcda973df847c7cf57da8b11e2edf5513e06bee0
SHA256: 4b3e598d62c99a129dd56d898870bc1331b1e17bfb50a1db46e97939642e617a
SHA512: cc4792627c2ef3d5618f5e2b0496852a7d4f287e9ff504da543cd3634a2a1e1a18a78bf3646ebeace69e2e532190adb2c459a097ee71053151c4c2f927fb44ac
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext