General
Target
268bd83ef325bddda108a2571c40b29821484336a6c892941e68f564b8bd97b1
Size
475KB
Sample
220521-bxb8tscfb8
MD5
041775a08ff20415d58cedb0c3e9f492
SHA1
908393c30c923790c73eff00ffd8cda0a0d3f273
SHA256
268bd83ef325bddda108a2571c40b29821484336a6c892941e68f564b8bd97b1
SHA512
83f0afa7486e51ea38f0ca2527c80e82fcec49b37a6032196d0b494fd7015405318b96311aaa99d309987ea463e0e4038009c03e055f93257e8b5b1dc7ee1d3f
Behavioral task
behavioral1
Sample
AWB-5172133161.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
AWB-5172133161.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: love@mafo.cc
Password: success21
Targets
Target
AWB-5172133161.exe
Size
637KB
MD5
4cb5772b46cd9f50875cd840593980f8
SHA1
69021f80047a39643d331a5d661a30397e5b4872
SHA256
3565778eb404c19919977a17613f414d355f2bb22ddfb200c25ad07b9c128049
SHA512
67daafbf266a1d17fe875afe16758c7a1658ae50050883de13795079b38bf3e4c52328719bdbf8bd3dadd7d942b5bf008c2dfe21d0de58e0e75f679612d136a0
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext