General
-
Target
1e476a5cc09807de055c55798df681268989a738456c534d4bfdcb82781f9d07
-
Size
379KB
-
Sample
220521-bb42qaegak
-
MD5
9fb88f3a0fa809313d8dfe92d12f8064
-
SHA1
204723642d6e19d22b8ec69e532be9dcbcb3a080
-
SHA256
1e476a5cc09807de055c55798df681268989a738456c534d4bfdcb82781f9d07
-
SHA512
e438accfadf342eb605af422fae5cc44f006f0590d3edfcf26a2230273c04f2f5a9c4eff11befdc328207b45f5419950dec6097b98d868ee333f741f196b20d2
Static task
static1
Behavioral task
behavioral1
Sample
Company Profile.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Company Profile.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.pharco--corp.com
Port: 587
Username: [email protected]
Password: (UxyAlp7
Targets
-
Target
Company Profile.exe
-
Size
419KB
-
MD5
49a035dc1136ee719a29a7a359cfc24f
-
SHA1
749a09ddde927c7e02f4b94a2ef4ca9776a5dc17
-
SHA256
759084fe8aec51cc1cd648c78a6319f862bf78c41aca7f6357bbca5eb7373e93
-
SHA512
3f5cc930c686cc98874e09a61e6cbd1e9803ee3a6df53ea1204fff104687efbb6c046c1a04e0b1aee46cfad77dad37c7a36bc61fc41286682b980e1d10330b28
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-