General
-
Target
08cf0defd6f852c673579fb43a3b8f37685926ce4fbf819a09a9420ecd06dde0
-
Size
394KB
-
Sample
220521-bce4zsbfg5
-
MD5
f562fd1d5228493ac3e4d7c05c7aeebb
-
SHA1
fe056cefbf8bf30e463ea294bb92ed23e564757e
-
SHA256
08cf0defd6f852c673579fb43a3b8f37685926ce4fbf819a09a9420ecd06dde0
-
SHA512
a9abd85acb6b6d53e4ad3b247aedc9e34b98619912c63ec0f344e6716cb251ec0992a8df204b79861fc785c92ab799c8bcd6a9dbf871e12c89786ee9e46b8105
Static task
static1
Behavioral task
behavioral1
Sample
G1HSlFmaoOFnQh8.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
G1HSlFmaoOFnQh8.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: b}j8vkJ5iJ##
Targets
-
Target
G1HSlFmaoOFnQh8.exe
-
Size
433KB
-
MD5
a02cebdf6de7953fd7ebb3d5640408ca
-
SHA1
40fa21dc2628cf2ef2dad5f04080ff3c87c0765f
-
SHA256
6b289f4c862c4205a7debaa7217dfad7e66b56dcd3274e9b4ee530aa0e380037
-
SHA512
fe1db44d70003b06b71c66bf21786c412f1f4fc4c21c40548d894534a04acc3d6f95004b190a812b428e2f176f452ef4ca43742fd3f9ea43bcf316c7b9454527
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext