General
Target: 4c9b2ac9186158cddca77ae58b415445491079f3721b1126f2f7d30a32913e80
Size: 959KB
Sample: 220521-m81lcadcd5
MD5: 890fd7baad5fcc9ff7e72e3aa39ae070
SHA1: d6c5e6943e1accb9e993fbc0cf6a1929d61e21a0
SHA256: 4c9b2ac9186158cddca77ae58b415445491079f3721b1126f2f7d30a32913e80
SHA512: c44f6ea6d3d3fe63cac719e14cc59c2aa12c2a52417c2201660983831f320347a31fe8c2517666af7bcb88c74892331697ac0469ec56023228cecfa5cff5b4ed
Static task: static1

Behavioral task: behavioral1
Sample: GEA_5556789.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: GEA_5556789.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: goksal.sir@prosoftelektrik.com
Password: Wm^kN*!7
Targets
Target: GEA_5556789
Size: 1.4MB
MD5: f27fed1c7cb331f04fdcfecedc899c7d
SHA1: abeb646efcb893c29d5e26c01d3cc8b6013b6b22
SHA256: b4a49ab94a3bc704c6eb3394df82ebae6e04dd139a765db41db66e65457b0673
SHA512: 795c78eb55cc65bfeaf880f2b7f34f929e272f434bdbe6760b3521e02eadf638ff6c8b94c5ee64230cc575edbc8d7293078d9e2d16f6f8056614f6adbea92208
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Signatures
- AgentTesla Payload
- Drops startup file
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext