General
Target: 726cb97c5e1f02b5808a7dc40545fc7d2d36f7fde7c1f1d00b0c0c55774ac88a
Size: 449KB
Sample: 220521-bkf19acaa3
MD5: a868cd88c8faa6ec1a834b74794ec2fe
SHA1: 5b04660197959e115a0a31e52b1c2769d99c069c
SHA256: 726cb97c5e1f02b5808a7dc40545fc7d2d36f7fde7c1f1d00b0c0c55774ac88a
SHA512: 1959b69e897dea851fd3f118b553cda9a2f615e6964e7a717881e1d3776f01c11a32c62da05dcac641563cf891f6c110999aabea535f9d545e8aa840e80ac59c
Static task: static1
Behavioral task: behavioral1
Sample: Document_doc.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Document_doc.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.flood-protection.org
Port: 587
Username: [email protected]
Password: sepp2424@
Targets
Target: Document_doc.exe
Size: 701KB
MD5: 6830c810460cff47d98eeba1da284d8b
SHA1: 8157d602397347a63a33c88d7ccefd062c173077
SHA256: fc5d726d95be8b98a0e9ab3af51cc998255d1638049ba0d18cd7a6545f27d1ca
SHA512: c77b5b4728a116ca57688baaede84e508f4121acdb9c777209d8f2ee399ff1a1be10d5d47361527c9bb2ea8730caa743c6b74c0479e59c8d2ae20a87a7d73202
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext