General
-
Target
e76d6da122bcc06d411f538e4eee5606d2d85920f5651613b3f6f2e41b197c37
-
Size
491KB
-
Sample
220521-bmn5msfbcn
-
MD5
0a03d820986e1de9b235abc8d10df3d8
-
SHA1
349c04fad86f158d599bcf1d8ef1648ebd69807a
-
SHA256
e76d6da122bcc06d411f538e4eee5606d2d85920f5651613b3f6f2e41b197c37
-
SHA512
9aae3baf3ed8051800adb2c847d1eab90ad3eea28397b2a2ef360a906a8710590615a05e5ce0482199df8babd67785e77ba4cbb8bd1cf83199feff7fe936b79e
Static task
static1
Behavioral task
behavioral1
Sample
EK-2020-06-49SP - M.E. docx.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
EK-2020-06-49SP - M.E. docx.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.greenleaf.co.ke
Port: 587
Username: [email protected]
Password: nassir@321
Extracted
Protocol: smtp
Host: mail.greenleaf.co.ke
Port: 587
Username: [email protected]
Password: nassir@321
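Both extractions above carry the same SMTP exfiltration settings. As an added example (not part of the sandbox report), the Python below parses that flattened "key: value - key: value" config block, bundles it with the report's file hashes into one IOC set, and runs the set over a few constructed log events. The key=value event format and its field names (dst, dport, hash) are assumptions chosen for illustration.

```python
"""Turn this report's extracted AgentTesla SMTP config and file hashes into
IOCs and match them against log events.

Added example, not part of the sandbox report. The key=value event format
and the field names (dst, dport, hash, ...) are assumptions chosen for
illustration; the sample events below are constructed.
"""
import re

# The config block exactly as it is flattened in the report. The username
# appears e-mail-obfuscated in this copy of the report and is carried
# through unchanged.
RAW_CONFIG = ("Protocol: smtp- Host: mail.greenleaf.co.ke - Port: 587 - "
              "Username: [email protected] - Password: nassir@321")

# File hashes listed in the report (outer target and the dropped docx.exe).
KNOWN_HASHES = {
    "0a03d820986e1de9b235abc8d10df3d8",
    "349c04fad86f158d599bcf1d8ef1648ebd69807a",
    "e76d6da122bcc06d411f538e4eee5606d2d85920f5651613b3f6f2e41b197c37",
    "2a39d9260dcb26bd8f05084f8fc2b2cc",
    "7abf88f5ee537c434c85235fa9ddb2a1b24bc2af",
    "28c522239124483bcc83ca08cd0cbb3af1a9a3e18a1d8648e958c153c8e9e110",
}

# "Key: value" pairs separated by " - "; the report also writes "smtp- Host",
# so the whitespace around the separator is optional in the lookahead.
CONFIG_FIELD = re.compile(r"(\w+):\s*(.*?)(?=\s*-\s*\w+:|$)")
EVENT_FIELD = re.compile(r"(\w+)=(\S+)")


def parse_config(raw):
    """Parse the flattened config block into a dict with lowercase keys."""
    return {k.lower(): v.strip() for k, v in CONFIG_FIELD.findall(raw)}


def build_iocs(raw_config, hashes):
    """Normalise the config and hashes into a single IOC set."""
    cfg = parse_config(raw_config)
    return {
        "protocol": cfg["protocol"].lower(),
        "c2_host": cfg["host"].lower(),
        "c2_port": int(cfg["port"]),
        "hashes": {h.lower() for h in hashes},
    }


def scan_events(lines, iocs):
    """Return (line, reason) for each event that touches an IOC."""
    hits = []
    for line in lines:
        ev = dict(EVENT_FIELD.findall(line))
        dst = ev.get("dst", "").lower()
        dport = int(ev.get("dport", 0))
        if dst == iocs["c2_host"] and dport == iocs["c2_port"]:
            hits.append((line, f"{iocs['protocol']} connection to extracted AgentTesla exfil host"))
        elif dst == iocs["c2_host"]:
            # Same mailbox host on another port still deserves a look.
            hits.append((line, "connection to extracted exfil host on a non-config port"))
        elif ev.get("hash", "").lower() in iocs["hashes"]:
            hits.append((line, "file hash listed in the report"))
    return hits


IOCS = build_iocs(RAW_CONFIG, KNOWN_HASHES)

# Constructed events in the assumed key=value format.
SAMPLE_EVENTS = [
    "ts=2022-05-21T03:14:15Z type=net host=WS01 proc=docx.exe dst=mail.greenleaf.co.ke dport=587 proto=tcp",
    "ts=2022-05-21T03:14:16Z type=net host=WS01 proc=outlook.exe dst=outlook.office365.com dport=443 proto=tcp",
    "ts=2022-05-21T03:14:09Z type=file host=WS01 path=C:\\Users\\user\\Downloads\\docx.exe hash=28C522239124483BCC83CA08CD0CBB3AF1A9A3E18A1D8648E958C153C8E9E110",
    "ts=2022-05-21T03:20:41Z type=net host=WS01 proc=docx.exe dst=mail.greenleaf.co.ke dport=25 proto=tcp",
]

if __name__ == "__main__":
    for line, reason in scan_events(SAMPLE_EVENTS, IOCS):
        print(f"{reason}: {line}")
```

The parser keys on the "Key:" tokens rather than on the separator, which is why the missing space in "smtp- Host" does not break it; hashes are lowercased on both sides so a tool that emits uppercase hex still matches.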
Targets
-
-
Target
EK-2020-06-49SP - M.E. docx.exe
-
Size
680KB
-
MD5
2a39d9260dcb26bd8f05084f8fc2b2cc
-
SHA1
7abf88f5ee537c434c85235fa9ddb2a1b24bc2af
-
SHA256
28c522239124483bcc83ca08cd0cbb3af1a9a3e18a1d8648e958c153c8e9e110
-
SHA512
dd48ce4de47c47a011eb53f99c6d71f9489e94836427e5fbdaa759557afe9b87e79dbc4cb094b5877011ffd5650f4d526ab54b0c4e5db069b8bb72b025a31ed7
-
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT) sold as a subscription service. It harvests saved credentials from browsers, e-mail and FTP clients, logs keystrokes and clipboard contents, and sends the stolen data out over SMTP, FTP, HTTP or Telegram. The SMTP account in the extracted config above is its exfiltration mailbox: submission on port 587 to a mailbox on a legitimate third-party mail server is the usual pattern.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles (reads the Outlook profile registry keys where stored mail-account credentials live; consistent with Agent Tesla's credential harvesting)
-
Suspicious use of SetThreadContext (the thread-context rewrite used by process hollowing / RunPE loaders to run a decoded payload inside a freshly created suspended process; Agent Tesla's loaders commonly do this)
-