General
- Target: 570d4ac0ca764601b37e77aea4b5bf8138bdbaa24f46255fa68b09d4dc62869c
- Size: 1.6MB
- Sample: 220521-ejjbrshdf2
- MD5: 9ee8d82627de869ed99650c6946ff0c5
- SHA1: acb23f5c01a3663068090bd96c2045088d2b680e
- SHA256: 570d4ac0ca764601b37e77aea4b5bf8138bdbaa24f46255fa68b09d4dc62869c
- SHA512: d0b707888b4c49bb2243d77aac19b7acd60ec460f75526ba81ff55c81e235f3534ce537608d84378ecd763e3d4a9c06aca7048741f77ed27dde53925f9faaab4
Static task
- static1

Behavioral task
- behavioral1
  - Sample: hvala na predračunu.exe
  - Resource: win7-20220414-en

Behavioral task
- behavioral2
  - Sample: hvala na predračunu.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.kapackserv.com
- Port: 587
- Username: [email protected]
- Password: Gwou86k?R#Xng+ywl~
Targets
- Target: hvala na predračunu.exe
- Size: 2.0MB
- MD5: 1d025c80f31210ed9530941eae6633da
- SHA1: 9af0a3622f58f4b50c9159cead2f672ec4707ece
- SHA256: b08f164f0363528f8928f01133da533a2868e12b95177df09b2f11e78510e02d
- SHA512: 5f5bcbfb2598c299f27aeb667301c8972b18e13306ccc53c3d47ff045bc7f29cbc2ca3e2ac1e9e521a7b2ca13549a635762aecbbc001babb4ebf30c040fd1b79
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext