General
- Target: 759141559a06bbc86325e2b7395e2abf20796ed5aa9dd172b384ff2bccbd6260
- Size: 405KB
- Sample: 220521-bkfeqacaa2
- MD5: 94af723eb0c493cf9b663b8ae9100ba6
- SHA1: dbc1e89c6f0a99cca1549769850bb8974cc80164
- SHA256: 759141559a06bbc86325e2b7395e2abf20796ed5aa9dd172b384ff2bccbd6260
- SHA512: 13fe6bd912d5867db27bdb2afd3537d2d4a3747f5daf8d1b99b2ed20ef6a3cc4e4cabbd3f7c3159cc5748d9263b8d2d25208c2555cd890b0958a543151b37c72
Static task: static1
Behavioral task: behavioral1
- Sample: STOCK EXCHANGE.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: STOCK EXCHANGE.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted (family: agenttesla)
- Protocol: smtp
- Host: mail.temboventures.co.ke
- Port: 587
- Username: [email protected]
- Password: ?Tvc@2018
Extracted
- Protocol: smtp
- Host: mail.temboventures.co.ke
- Port: 587
- Username: [email protected]
- Password: ?Tvc@2018
Targets
Target: STOCK EXCHANGE.exe
- Size: 694KB
- MD5: d307e4942275f05ff9389329301aef67
- SHA1: 65a6a683250777cca0bdb61d9b6b6418c31cadaf
- SHA256: 9ee99b4dcb7d53e8638d0030e5328ad081a272b0e785f258d5377d9503dcf10d
- SHA512: baeb420ddb9a390052668c922a6e275254c5d36224b28f2e5807a2e5482722dcee2e85f3a89644be8ddb6636f456271b95cb12b43afcf2d0dd37a21a5efa3a8b
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext