General
- Target: a121326cc19b1577e58f7d158a00f177e17838aa3c58f87442810e03e43d7416
- Size: 1.2MB
- Sample: 220521-cwp9qshffq
- MD5: 9f0b2a3a1f4bc7c5f5c3387f88243906
- SHA1: 9423646f5bf1e8292f154ef521f6a4cea105809c
- SHA256: a121326cc19b1577e58f7d158a00f177e17838aa3c58f87442810e03e43d7416
- SHA512: 3511529146127ef831ea012aa2c5a58c417f6990ca33d102446e5a7849c4cd38eb9ce14aa7a172f505156cba9ea6d4005f6c6da5d9e0989a3b12684bd120e740
Static task: static1
Behavioral task: behavioral1 (Sample: _NEW_SAM.exe, Resource: win7-20220414-en)
Behavioral task: behavioral2 (Sample: _NEW_SAM.exe, Resource: win10v2004-20220414-en)
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.group-lem.com
- Port: 587
- Username: [email protected]
- Password: @@zsnB@7
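The extracted config tells a defender exactly what the exfiltration channel looks like: an authenticated SMTP submission to smtp.group-lem.com on TCP 587 from whatever process the stealer is running as. The following is an added example (not code from the sandbox report) that turns that into a hunt over constructed Sysmon Event ID 3 (NetworkConnect) style lines. The log layout, the allow-list of mail clients, and every path and IP in the sample events are assumptions; only the host and port come from the report. It also generalises beyond this one sample by flagging any non-mail process that talks to a mail-submission port, which catches rebuilt Agent Tesla payloads pointed at a different server.

```python
"""Hunt for the SMTP exfiltration channel from the extracted Agent Tesla config.

Added example, not code from the sandbox report. It runs over constructed
Sysmon Event ID 3 (NetworkConnect) style lines; the field layout, the
allow-list of mail clients and all IPs/paths below are assumptions.
"""
from typing import Dict, List, Optional, Tuple

# Indicators taken from the report's extracted config. The credentials are
# deliberately not used: host and port are enough to match the channel.
EXFIL_HOST = "smtp.group-lem.com"
EXFIL_PORT = 587

# Generalisation beyond this one sample: any process outside an (assumed)
# allow-list of mail clients speaking to a mail-submission port is worth a look.
SMTP_PORTS = {25, 465, 587}
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

Finding = Tuple[str, str]  # (severity, reason)


def parse_event(line: str) -> Dict[str, str]:
    """Split a 'Key: value|Key: value' line into a dict (constructed log format)."""
    fields: Dict[str, str] = {}
    for part in line.split("|"):
        key, _, value = part.partition(":")  # first colon only, so C:\ paths survive
        fields[key.strip()] = value.strip()
    return fields


def assess(fields: Dict[str, str]) -> Optional[Finding]:
    """Return a finding for one network event, or None if it looks benign."""
    host = fields.get("DestinationHostname", "").lower()
    port = int(fields.get("DestinationPort", "0") or 0)
    proc = fields.get("Image", "").rsplit("\\", 1)[-1].lower()
    if host == EXFIL_HOST and port == EXFIL_PORT:
        return ("high", f"{proc} connected to known Agent Tesla exfil server {host}:{port}")
    if port in SMTP_PORTS and proc not in MAIL_CLIENTS:
        dest = host or fields.get("DestinationIp", "?")
        return ("medium", f"non-mail process {proc} used mail-submission port {port} to {dest}")
    return None


def hunt(lines: List[str]) -> List[Finding]:
    """Run assess() over raw log lines and keep only the hits."""
    findings: List[Finding] = []
    for line in lines:
        finding = assess(parse_event(line))
        if finding:
            findings.append(finding)
    return findings


# Constructed telemetry (203.0.113.0/24 is a documentation range, not real infrastructure).
SAMPLE_EVENTS = [
    r"EventID: 3|Image: C:\Users\victim\AppData\Local\Temp\_NEW_SAM.exe|DestinationHostname: smtp.group-lem.com|DestinationIp: 203.0.113.10|DestinationPort: 587",
    r"EventID: 3|Image: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE|DestinationHostname: smtp.example.com|DestinationIp: 203.0.113.20|DestinationPort: 587",
    r"EventID: 3|Image: C:\Users\victim\AppData\Roaming\svchost32.exe|DestinationHostname: |DestinationIp: 203.0.113.30|DestinationPort: 465",
    r"EventID: 3|Image: C:\Windows\System32\svchost.exe|DestinationHostname: update.example.com|DestinationIp: 203.0.113.40|DestinationPort: 80",
]

if __name__ == "__main__":
    for severity, reason in hunt(SAMPLE_EVENTS):
        print(f"[{severity}] {reason}")
```

Sysmon fills DestinationHostname from reverse DNS, so it is frequently blank in real telemetry; resolve smtp.group-lem.com at hunt time and match on the IP as well. The port-plus-process heuristic is what catches the blank-host case, as the third constructed line shows.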
Targets
- Target: _NEW_SAM.EXE
- Size: 453KB
- MD5: c04719c0bf404d71e89dd8f13450004a
- SHA1: 41901bcd3542a0bb305b73aff1fc3bc783a835c3
- SHA256: 93220c70797eba4d500358a0aa5da89dd5008633fc10c39f47fe57a5d01dcff3
- SHA512: 5fe381fd5e550b9ada35f14d48342cc7aee1f16e5617c1f471cd7872dafc5e554d1e4d5f023c87f9c74502956c4867765e18e4cb762ff46db8114e2d78ac9bcb
These hashes differ from those under General: General describes the 1.2MB submission, while this block describes the 453KB _NEW_SAM.EXE that the behavioral tasks actually ran, so use this block's hashes when matching the executable on disk.
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET; this build exfiltrates over SMTP using the server and credentials in the Malware Config above.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles (credential harvesting from stored mail accounts)
- Adds Run key to start application (registry persistence)
- Suspicious use of SetThreadContext (typical of process hollowing into a freshly created process)
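Two of the signatures above map directly onto host telemetry: "Adds Run key to start application" is visible as a Sysmon Event ID 13 (RegistryEvent, value set) on a ...\CurrentVersion\Run path, and "Drops file in Drivers directory" as an Event ID 11 (FileCreate) under System32\drivers by a process that has no business there. The following is an added example (not code from the sandbox) that checks constructed Sysmon-style lines against both. The event format, the paths, the trusted-writer allow-list, and the rule that a Run value pointing into a user-writable location is rated higher are all assumptions.

```python
"""Turn two of the report's behavioral signatures into checks over Sysmon-style
events: 'Adds Run key to start application' (Event ID 13, RegistryEvent) and
'Drops file in Drivers directory' (Event ID 11, FileCreate).

Added example, not code from the sandbox. Event lines, paths, the trusted-writer
allow-list and the 'user-writable location' heuristic are all assumptions.
"""
import re
from typing import Dict, List, Optional, Tuple

RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
DRIVERS_DIR_RE = re.compile(r"\\System32\\drivers\\", re.IGNORECASE)
# A Run value whose command lives somewhere a standard user can write is the
# usual shape of stealer persistence, so it is rated higher (assumption).
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData|Public)\\", re.IGNORECASE)
# Processes expected to write under System32\drivers in this (assumed) environment.
TRUSTED_DRIVER_WRITERS = {r"c:\windows\system32\drvinst.exe", r"c:\windows\system32\svchost.exe"}

Finding = Tuple[str, str]  # (severity, reason)


def parse_event(line: str) -> Dict[str, str]:
    """Split a 'Key: value|Key: value' line into a dict (constructed log format)."""
    fields: Dict[str, str] = {}
    for part in line.split("|"):
        key, _, value = part.partition(":")  # first colon only, so C:\ paths survive
        fields[key.strip()] = value.strip()
    return fields


def check(fields: Dict[str, str]) -> Optional[Finding]:
    """Apply the Run-key and drivers-directory rules to one parsed event."""
    event_id = fields.get("EventID")
    image = fields.get("Image", "").lower()
    if event_id == "13" and RUN_KEY_RE.search(fields.get("TargetObject", "")):
        details = fields.get("Details", "")
        severity = "high" if USER_WRITABLE_RE.search(details) else "medium"
        return (severity, f"Run key {fields['TargetObject']} set by {image} -> {details}")
    if (event_id == "11"
            and DRIVERS_DIR_RE.search(fields.get("TargetFilename", ""))
            and image not in TRUSTED_DRIVER_WRITERS):
        return ("high", f"{image} wrote {fields['TargetFilename']} under the drivers directory")
    return None


def scan(lines: List[str]) -> List[Finding]:
    """Run check() over raw log lines and keep only the hits, in input order."""
    results: List[Finding] = []
    for line in lines:
        finding = check(parse_event(line))
        if finding:
            results.append(finding)
    return results


# Constructed telemetry: one stealer-like persistence write, one benign installer
# Run key, one drop into drivers\etc, one legitimate driver install, one unrelated key.
SAMPLE_EVENTS = [
    r"EventID: 13|Image: C:\Users\victim\AppData\Roaming\svchost32.exe|TargetObject: HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\svchost32|Details: C:\Users\victim\AppData\Roaming\svchost32.exe",
    r"EventID: 13|Image: C:\Program Files\Vendor\setup.exe|TargetObject: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray|Details: C:\Program Files\Vendor\tray.exe",
    r"EventID: 11|Image: C:\Users\victim\AppData\Roaming\svchost32.exe|TargetFilename: C:\Windows\System32\drivers\etc\hosts",
    r"EventID: 11|Image: C:\Windows\System32\drvinst.exe|TargetFilename: C:\Windows\System32\drivers\usbxhci.sys",
    r"EventID: 13|Image: C:\Windows\regedit.exe|TargetObject: HKCU\Software\Example\Setting|Details: DWORD (0x00000001)",
]

if __name__ == "__main__":
    for severity, reason in scan(SAMPLE_EVENTS):
        print(f"[{severity}] {reason}")
```

The SetThreadContext signature has no Sysmon counterpart: Sysmon records CreateRemoteThread (Event ID 8) and ProcessAccess (Event ID 10) but not thread-context changes, so that behaviour needs EDR API telemetry or a memory scan of the hollowed process rather than a log rule like the two above.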