General
Target: 695b31784c56f2c72dc57a0f354326ac71b374300e0370d64f70cac29e963876
Size: 465KB
Sample: 220521-bkg9bafacq
MD5: 368e8738d3e4d31540f07bd65725d46b
SHA1: baf571b92436b9901ece1b5887ae478e10c3eb3e
SHA256: 695b31784c56f2c72dc57a0f354326ac71b374300e0370d64f70cac29e963876
SHA512: ec2f96724b66599c5183ed3e51b56404a9857bcf7ba057dda479cac045a670f763e2135ebd2362b4e3be8ff24d91f6aae92a7489c81ef7657ba855505d4231bb
Static task: static1
Behavioral task: behavioral1
Sample: Offer Require #200444.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Offer Require #200444.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.ikrrispharmanetwork.com
Port: 587
Username: [email protected]
Password: Q5Ab{kp_p0?a
Targets
Target: Offer Require #200444.exe
Size: 773KB
MD5: 92d133a476a560d79719e064e5f13632
SHA1: fa56651160469f0766ad473627ced8ec3b5b17e1
SHA256: d58f997b8ee320ecd735457793e3f266ad3108dcc3306274431fe34c22f903fb
SHA512: af16c739675e80f67d4afcf933a91edda0b19c31114ae86b5a701209257638426812045f12f8c241cf6dfbd947efa53a63af497d7c82c48b74ae13b3c02ba1f8
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext