General
Target: 6338cb73a1210d16efa560f54950824aa748cd5f71a119334ec3f321301f835b
Size: 453KB
Sample: 220521-my3mysfhaj
MD5: 017a7ab36fc79a9f27466366e495cf55
SHA1: 4590aaef5184f7ae05291515b42a314898aa1ccd
SHA256: 6338cb73a1210d16efa560f54950824aa748cd5f71a119334ec3f321301f835b
SHA512: 8027077362b56b45626d501daaa3ab5eb6f2b2a76c4de211fa42bc43369aa8fca35f63b1d60c7313a9b06b6ffc197ebf3289da3794915bf0185b58a378f7853b
Static task: static1
Behavioral task: behavioral1
Sample: Inquiry 500674 {ANSYS ENGINEERING PVT.LTD}.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Inquiry 500674 {ANSYS ENGINEERING PVT.LTD}.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.ikrrispharmanetwork.com
Port: 587
Username: [email protected]
Password: Q5Ab{kp_p0?a
Targets
Target: Inquiry 500674 {ANSYS ENGINEERING PVT.LTD}.exe
Size: 732KB
MD5: f988fdb69000424a89e909098c92e224
SHA1: 8d229a101ae821c01d5af3addb4063c98a39e279
SHA256: d7834fcfcc6566637c03e6d09dfa4f8bd51ed085b6a7fc75b33d458947d2c997
SHA512: 212ff772be795700af034cf181c9e36330fe69addd14f097e6f44ddbd1e372e505a4cb7c4548c7162b3ac4a3ba061e9bdaa4b51b0d64211adff99147da1e4eec
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext