General
Target: 18896b3256b0f680ea314c37fdfa60f7a629c401aa3c543397438de83541d4df
Size: 435KB
Sample: 220521-bb663segan
MD5: d4b9edadb0bee0d5f4d5e79f1290d012
SHA1: e7218ba1c21d1e602dde1e0a70d3e0fe51f8f11d
SHA256: 18896b3256b0f680ea314c37fdfa60f7a629c401aa3c543397438de83541d4df
SHA512: d9bc4a7338f892a9dccf92795d6f006e7d2380a9c8a7e9245b1224fca300203521cc1a066bdde7489ade9b496a6748c677fc91405bbdfe8197085a165e8a7060
Static task: static1
Behavioral task: behavioral1
  Sample: FBA0KlDbyCLkrrq.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: FBA0KlDbyCLkrrq.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: mail.sardaplywood.com
Port: 587
Username: [email protected]
Password: sup123st45
These are the credentials the stealer uses to mail collected data out over SMTP. The host and port are the exfiltration endpoint and the primary network indicators for this sample; treat the mailbox as attacker-controlled. Port 587 is the mail submission port and the session is normally upgraded with STARTTLS, so content inspection will usually see only the handshake; alert on the destination host/port and on the originating process instead.
Targets
Target: FBA0KlDbyCLkrrq.exe
Size: 505KB
MD5: 08819db48ec45a6d8c752caf9bfe36be
SHA1: deba244e556dd127dc200cd3fa03f4a47e459caa
SHA256: dfdf88236afb5c46d1622fac66a2d5badd89bb9bd5fa18c247d1173375b51bbe
SHA512: 60ccf9f6fb1a95a227099c1eaadb05d5ce85bd56138b485e519c925293b9d2c8744d093f5ec428a57ad9fdacb374eb45b82ad173c5a1df7843120c4f78001f84
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer written in Visual Basic .NET; this sample's configuration exfiltrates stolen data over SMTP.
Signatures
AgentTesla Payload
Accesses Microsoft Outlook profiles (reads stored Outlook account settings and credentials from the profile registry keys)
Adds Run key to start application (persistence via a CurrentVersion\Run value)
Suspicious use of SetThreadContext (commonly used to resume a hollowed or injected process that has been loaded with the unpacked payload)
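The following is an added example, not part of this report or of any sandbox's own code. It parses the flattened "Key: value - Key: value" config text exactly as it appears above, then runs two detections over a handful of constructed Sysmon-style events: an IOC match on the extracted SMTP host and port, a behavioral match for outbound SMTP from a process that is not a known mail client, and a persistence check for Run-key values that point into user-writable directories. The event layout, the process paths, the mail-client allow-list and the SID are assumptions made for the example; only the host, port and credential fields come from the page.

```python
"""Turn the extracted AgentTesla SMTP config into detections and run them
over constructed telemetry (added example; not the report's own code)."""
import re
from dataclasses import dataclass

# Config block copied as it appears in the report (flattened key/value text).
CONFIG_TEXT = """Protocol: smtp- Host:
mail.sardaplywood.com - Port:
587 - Username:
[email protected] - Password:
sup123st45"""


def parse_config(text: str) -> dict:
    """Parse 'Key: value - Key: value' text into a dict with lower-case keys."""
    flat = " ".join(text.split())
    pairs = re.finditer(r"(\w+):\s*(.*?)(?=\s*-?\s*\w+:|\s*$)", flat)
    return {k.lower(): v for k, v in (m.groups() for m in pairs)}


@dataclass
class Event:
    """Minimal Sysmon-like record (assumed shape for the example)."""
    event_id: int            # 3 = network connection, 13 = registry value set
    image: str               # originating process image path
    dest_host: str = ""      # event 3 only
    dest_port: int = 0       # event 3 only
    target_object: str = ""  # event 13 only
    details: str = ""        # event 13 only (value written)


SMTP_PORTS = {25, 465, 587}
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}          # assumed allow-list
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

# Constructed sample telemetry; not taken from the sandbox run.
EVENTS = [
    Event(3, r"C:\Users\victim\AppData\Local\Temp\FBA0KlDbyCLkrrq.exe",
          dest_host="mail.sardaplywood.com", dest_port=587),
    Event(3, r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
          dest_host="mail.sardaplywood.com", dest_port=587),
    Event(3, r"C:\Users\victim\AppData\Roaming\FBA0KlDbyCLkrrq.exe",
          dest_host="smtp.example.net", dest_port=587),
    Event(3, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
          dest_host="www.example.com", dest_port=443),
    Event(13, r"C:\Users\victim\AppData\Local\Temp\FBA0KlDbyCLkrrq.exe",
          target_object=r"HKU\S-1-5-21-1000-2000-3000-1001\Software\Microsoft"
                        r"\Windows\CurrentVersion\Run\FBA0KlDbyCLkrrq",
          details=r"C:\Users\victim\AppData\Roaming\FBA0KlDbyCLkrrq.exe"),
    Event(13, r"C:\Windows\System32\svchost.exe",
          target_object=r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
                        r"\SecurityHealth",
          details=r"%windir%\system32\SecurityHealthSystray.exe"),
]


def classify_connection(e: Event, cfg: dict):
    """'ioc' for a hit on the extracted C2 host:port (any process),
    'behavior' for outbound SMTP from a non-mail-client process, else None."""
    if e.event_id != 3:
        return None
    exe = e.image.lower().rsplit("\\", 1)[-1]
    if e.dest_host.lower() == cfg["host"].lower() and e.dest_port == int(cfg["port"]):
        return "ioc"
    if e.dest_port in SMTP_PORTS and exe not in MAIL_CLIENTS:
        return "behavior"
    return None


def is_suspicious_run_key(e: Event) -> bool:
    """Run-key value whose target lives in a user-writable directory."""
    if e.event_id != 13 or "\\currentversion\\run\\" not in e.target_object.lower():
        return False
    return any(p in e.details.lower() for p in USER_WRITABLE)


def scan(events, cfg: dict) -> dict:
    """Bucket events into ioc / behavior / persistence hits."""
    out = {"ioc": [], "behavior": [], "persistence": []}
    for e in events:
        verdict = classify_connection(e, cfg)
        if verdict:
            out[verdict].append(e)
        if is_suspicious_run_key(e):
            out["persistence"].append(e)
    return out


if __name__ == "__main__":
    config = parse_config(CONFIG_TEXT)
    for bucket, hits in scan(EVENTS, config).items():
        for hit in hits:
            print(f"[{bucket}] {hit.image} {hit.dest_host or hit.target_object}")
```

The IOC tier fires on any process talking to the extracted host and port, including a real mail client, because the destination itself is the indicator; the behavioral tier is what catches a re-packed sample with a different mailbox. Both only see the TCP destination, which is all that survives once the session is upgraded with STARTTLS.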