General
Target: 5726f9fed6af397350d686cd49079950c5b76ffcbf73766fb419860f2fbaf0c6
Size: 592KB
Sample: 220521-elpassheb6
MD5: 042fcb56bf672beec4af44fdbd0e4208
SHA1: 8fcadf510585b272d8e9faa1fd8a70a947b5097c
SHA256: 5726f9fed6af397350d686cd49079950c5b76ffcbf73766fb419860f2fbaf0c6
SHA512: 226483a7704da2172b3872132a1945a3e2d777297ff1a3cafea7585a018a469d9a56c23bb5d35cb246b2cb63064f5187a95d0e9baa5f69e792453d0232eac138

Static task: static1

Behavioral task: behavioral1
Sample: # Q76175GT.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: # Q76175GT.exe
Resource: win10v2004-20220414-en

Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.alsayyadi.com
Port: 587
Username: [email protected]
Password: sayyadi2017_2018

Targets
Target: # Q76175GT.exe
Size: 617KB
MD5: 0f120198dfba55560b373310b984f680
SHA1: a12623363d36f0f0f15158979844b8297a634f0d
SHA256: 1a95d98829e3ca5f9818da7ec49d304b39a3f5c19cf21d1c0fd516ef17572362
SHA512: 5edc41790852706a6a092ed9b459fda8e08692eb35f865dff71aae1978a43500e062d3888376ff091ea52c4f066dfe7bc24671f9e34e1992ef379e9e3c642a96

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext