General
-
Target
287b960d3db25c42d2340efd154346bc7aaa18e8ee4aadcdd0813d46eb6ea565
-
Size
400KB
-
Sample
220521-bw9gyacfb4
-
MD5
d863a43a7aaf50dbbd8a611a45447734
-
SHA1
94a014f105037566755a8e6175649eb429353fb9
-
SHA256
287b960d3db25c42d2340efd154346bc7aaa18e8ee4aadcdd0813d46eb6ea565
-
SHA512
f1aa0d0646b743f4899ed560281bc0fde676e42c89398ab72314a257747e6dc6bbdbb479cf71c71442180c29386e3a3f569e21648a39831c6bdbe6d20bb142f4
Static task
static1
Behavioral task
behavioral1
Sample
SC4305132020.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
SC4305132020.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: e!Wcqa%07pK~
Targets
-
-
Target
SC4305132020.exe
-
Size
423KB
-
MD5
1476ce63f946c85745c3c03723252ef0
-
SHA1
01270d77e8b7bfa61963e84e4e1340eb5946f6f1
-
SHA256
57c1873ebd6818c6fb4425f51ca1a2450bf4da0dc4a3269e637dfe1ea13dc42a
-
SHA512
395043e6135b8cf82a16fffa8478b1d42e5f5c4efe962f461eab448f26fd1596c22c32738ab95d35142238da88d8cf745448950d786152bf52364ced0b3db673
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-