General
Target: fd22469fbe5ff6450360296416c5e0b89c0583bb1080b6ad64d476f8961942cc
Size: 444KB
Sample: 220521-mxqa8scfb7
MD5: 4ce017a28b428ff7fc7bd4bc59088112
SHA1: 2adefc8af0e90063fbc25a09d971c4793b6f0cf8
SHA256: fd22469fbe5ff6450360296416c5e0b89c0583bb1080b6ad64d476f8961942cc
SHA512: 4915e96528037ff473a2620a60b3a180bd7cf622eecd03d130350ee3e2cf6ae1bd3b2f9ad400b9e08930517f2ed9881c4f5a5d42182924943bb1d90400d5f8d0
Static task: static1
Behavioral task: behavioral1
  Sample: sam123.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: sam123.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.shrc-india.com
Port: 587
Username: [email protected]
Password: Orders@9999
These are the credentials the sample uses to authenticate to the SMTP account it mails stolen data to, not credentials harvested from the victim; the host and port are the exfiltration channel to watch for in outbound connection logs. The username is redacted on this page.
Targets
Target: sam123.exe
Size: 694KB
MD5: 37d0f2c1177b55d247c8580a3f63c165
SHA1: 0cb64a604e5866ac223d28c769b34095d4abfda0
SHA256: dbbaf0499e544e3832699110f71f62a521ec93cc8a74656c92af7023f554d897
SHA512: fe06b99608f92c1c94e174d46a27303b2f29747152a02713e3cbebf5971e029eadeae3f3d23dcb57cc15b01bb7e9468d25579a64d5c19ea5d518d5469d33e707
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic (.NET).
AgentTesla Payload
Signatures observed:
- Accesses Microsoft Outlook profiles (harvesting of stored mail account settings and credentials)
- Adds Run key to start application (persistence through a CurrentVersion\Run autostart entry)
- Suspicious use of SetThreadContext (thread context manipulation typical of process injection or hollowing)
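The indicators from this report turned into a structured record and checked against a few telemetry events, as an added example that is not part of the sandbox report. The hashes and the SMTP host/port are copied from the report; the event lines, process names, file path and the HKCU Run key path are constructed for illustration (the report names the Run-key behavior but not the exact key), and the redacted SMTP username is deliberately not used.

```python
"""Normalize the report's IOCs and match constructed telemetry against them.
Added example; the events below are constructed, not taken from the report."""
import re

# Indicators copied from the sandbox report above. The SMTP username is
# redacted on the page, so only host and port are used for network matching.
REPORT_IOCS = {
    "sha256": {
        "fd22469fbe5ff6450360296416c5e0b89c0583bb1080b6ad64d476f8961942cc",  # submitted file
        "dbbaf0499e544e3832699110f71f62a521ec93cc8a74656c92af7023f554d897",  # sam123.exe
    },
    "md5": {
        "4ce017a28b428ff7fc7bd4bc59088112",
        "37d0f2c1177b55d247c8580a3f63c165",
    },
    "smtp_host": "mail.shrc-india.com",
    "smtp_port": 587,
}

HEX = re.compile(r"^[0-9a-f]+$")


def validate_hashes(iocs):
    """Reject malformed hashes (wrong length or non-hex) before they reach a blocklist."""
    for algo, length in (("md5", 32), ("sha256", 64)):
        for h in iocs[algo]:
            if len(h) != length or not HEX.match(h):
                raise ValueError(f"malformed {algo} hash: {h!r}")
    return True


# Constructed telemetry shaped loosely like EDR/Sysmon events (not from the report).
SAMPLE_EVENTS = [
    {"type": "network", "proc": "sam123.exe",
     "dst_host": "mail.shrc-india.com", "dst_port": 587},
    {"type": "network", "proc": "outlook.exe",
     "dst_host": "outlook.office365.com", "dst_port": 443},
    {"type": "registry", "proc": "sam123.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",   # assumed path
     "value_name": "sam123"},
    {"type": "file", "proc": "explorer.exe",
     "path": r"C:\Users\u\Downloads\sam123.exe",                     # constructed
     "sha256": "dbbaf0499e544e3832699110f71f62a521ec93cc8a74656c92af7023f554d897"},
]


def match_event(ev, iocs):
    """Return a reason string when the event matches the report, else None.

    The host/port and hash checks are specific to this sample. The Run-key
    check is generic persistence telemetry and needs baselining on its own.
    """
    if ev["type"] == "network":
        if ev["dst_host"].lower() == iocs["smtp_host"] and ev["dst_port"] == iocs["smtp_port"]:
            return "smtp exfil channel from report config"
    elif ev["type"] == "file":
        if ev.get("sha256", "").lower() in iocs["sha256"]:
            return "sha256 listed in report"
    elif ev["type"] == "registry":
        if ev["key"].lower().endswith(r"\currentversion\run"):
            return "run key write (persistence, generic)"
    return None


def scan(events, iocs):
    """Validate the IOC set, then return (process, reason) for every matching event."""
    validate_hashes(iocs)
    hits = []
    for ev in events:
        reason = match_event(ev, iocs)
        if reason:
            hits.append((ev["proc"], reason))
    return hits


if __name__ == "__main__":
    for proc, reason in scan(SAMPLE_EVENTS, REPORT_IOCS):
        print(f"{proc:14} {reason}")
```

The SMTP hit is the strongest signal here because port 587 to that specific host is tied to this sample's config; the hash match only catches this exact build, and the Run-key match fires on plenty of legitimate installers, so it is worth correlating with the other two rather than alerting on alone.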