General
Target: 2bc88acb1adaeb42077029310d6a098063dd03fa8d222212da98d5187a3be540
Size: 411KB
Sample: 220521-bbx86sefgq
MD5: 6c3059f91f318cfd9512df9ff62b56a7
SHA1: 4c3eead277aa1e113968fcccf994ad21a09d4561
SHA256: 2bc88acb1adaeb42077029310d6a098063dd03fa8d222212da98d5187a3be540
SHA512: 656ed3d67e772826c46788dab898851dd30696d323f66472f730eee93b2ceffb24d380416e7a80438ada3d0067bca2df833af2d0e5cf4bd4f469c9e524375f13
Static task: static1
Behavioral task: behavioral1
Sample: 7UNqtxzqan3sp7Z.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 7UNqtxzqan3sp7Z.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.outlook.com
Port: 587
Username: [email protected]
Password: Miracle2020
Targets
Target: 7UNqtxzqan3sp7Z.exe
Size: 463KB
MD5: 85bc2c6782588995ba58b97707c5bcf1
SHA1: ec1e02bc6208cab1dd7bdc5805c65cc0473f201e
SHA256: b60cffb90b7d115ebeb73bb66ceb3d64e33357d2b68ca0ff1d77ccfa14f2cf49
SHA512: d2ec5194b341c6f72ce466d793e3619ef8df029c13708bd10d2f0cf1780993b89bec6544311586fef341f671215f7608a0098cffb859f9250c8522d67b607945
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext