General
Target: 47cdaaedb26013a9f4ef2702612c6caa8a19d180a385541ea766348c92bba321
Size: 592KB
Sample: 220521-elp74acedm
MD5: 87f9e8a8f8173edb9ce54478690908ca
SHA1: b3fde0ec787e0dfebf74cddd55fd8ba44f1b5d8f
SHA256: 47cdaaedb26013a9f4ef2702612c6caa8a19d180a385541ea766348c92bba321
SHA512: 1024738af463c889ff9b02fb5037fa45fae28507ebc9795457ce152e678c681ee092dd2a2d9bc8b68a41cb465ae8d8ac517da73fe523a833fe54ba725cbf6c23
Static task: static1
Behavioral task: behavioral1
Sample: # Q76175GT.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: # Q76175GT.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.alsayyadi.com
Port: 587
Username: [email protected]
Password: sayyadi2017_2018
Targets
Target: # Q76175GT.exe
Size: 617KB
MD5: 0f120198dfba55560b373310b984f680
SHA1: a12623363d36f0f0f15158979844b8297a634f0d
SHA256: 1a95d98829e3ca5f9818da7ec49d304b39a3f5c19cf21d1c0fd516ef17572362
SHA512: 5edc41790852706a6a092ed9b459fda8e08692eb35f865dff71aae1978a43500e062d3888376ff091ea52c4f066dfe7bc24671f9e34e1992ef379e9e3c642a96
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext