General
- Target: 173ac22fd9ad3d4d17daac6b2225e4df5ffcea4fcf1eef2860b0d7049a370c5a
- Size: 355KB
- Sample: 220521-bb81nsbff5
- MD5: 556149a5478ce62eda9dc659326569b4
- SHA1: 930dd1635ebc22c556e4350449cfeafa9f1bbc3e
- SHA256: 173ac22fd9ad3d4d17daac6b2225e4df5ffcea4fcf1eef2860b0d7049a370c5a
- SHA512: 4aa919a27914d29a0275aa11fe5d58434c7d25ced781629b0f4eee8a99ae8654cba3e82ef97fabc27009a9e3c04801458f559f5bcad357589b643ea2ec2bbefb
Static task: static1
Behavioral task: behavioral1
- Sample: NEW P O 853485748594..exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: NEW P O 853485748594..exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.framafilms.com
- Port: 587
- Username: [email protected]
- Password: lister11
Targets
- Target: NEW P O 853485748594..exe
- Size: 395KB
- MD5: acff1f32ff311112ec7c363dfbc4280a
- SHA1: cab26161b94b34c0bd08f49c0f02fa588b737df6
- SHA256: 91e6ff50bf3e739323a5420c6fec2495a4eac110118013438852f063df9cc2a9
- SHA512: 97d8e8508530af126fc148d1fdda2e937ef693abada5b0dc435ad78d0d0551d8970004692c6e0c0a537089fa0df698527a22e29da56afd636c1b43a04c21c5e8
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext