General
- Target: 9c325ad8be21ef3854bfa6ad8973e2fb6a78483efdbdb6b5b73721792fe76c7b
- Size: 1.2MB
- Sample: 220521-cxmj8shfhq
- MD5: 6ca4414f1fdfa27927daebaf4e6d4fe9
- SHA1: f4ee479bf8c4e695adc1528b27b84562279da378
- SHA256: 9c325ad8be21ef3854bfa6ad8973e2fb6a78483efdbdb6b5b73721792fe76c7b
- SHA512: 616ef2a71fe0286b5b22da08ef44793ebf97171115a0dc5ca23534b388f1a111e221d9f3bf232f2b85e251bdc8da7ef29862dbd1f0430fb3dc9dc37aa97d965e
Static task
- static1
Behavioral task
- behavioral1
  - Sample: TRANSFER.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: TRANSFER.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
- agenttesla
  - Protocol: smtp
  - Host: mail.emifarma.com
  - Port: 587
  - Username: [email protected]
  - Password: icui4cu2@@
Targets
- Target: TRANSFER.BAT
- Size: 493KB
- MD5: 3e9bc2db09c263ed62e3952bf5be5476
- SHA1: 87a424f96bf0a92aa284c3dc0ad8898ba4972656
- SHA256: 4463f1c552020c3ec8e199d8369a96abe0729d055b487c2226938897629e5e80
- SHA512: 3b2b34cf36dd6421d9a4c7ba7cde68d5aa8d2bbc83c8a89c78608aff26f497c3b29c00191a0521401e1eae0474312e0fe94ed7fc38828654b779c864f5554569
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext