General
- Target: c47b2c9da733c77dde69544c8a58d174e8bae30add1fe4c0678cf1a42cd1f1a0
- Size: 488KB
- Sample: 220521-mycrjacfe9
- MD5: 6cc470067d611b6cfc4c7dfc9f362e70
- SHA1: 36eb3e9da15034f265cc38c5d577fb1806604c5f
- SHA256: c47b2c9da733c77dde69544c8a58d174e8bae30add1fe4c0678cf1a42cd1f1a0
- SHA512: 69060f252ead005860a69f77dc034678c0341ab9d19ccf180414eb0292fd6fe8b67f064b498cf8ecf58a6b75baef6800cc8a6550733e9a33e19778c0e917198d
Static task: static1
Behavioral task: behavioral1
Sample: WB 20200813020804.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: WB 20200813020804.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.flood-protection.org
- Port: 587
- Username: [email protected]
- Password: kelex2424@
Targets
- Target: WB 20200813020804.exe
- Size: 794KB
- MD5: 97058b5b713fce6d98933758debac2bd
- SHA1: aa1ef1ee348186489d9b6fc825d02aea5bc2abe8
- SHA256: bcc8c0f61a1dfdfd76ebe02523c3eef4362cb7fb3413b24a7632a2262219a589
- SHA512: 842c4aa42314c28e9400ab1efc4c7ce22e48e1144dc0885b54908f38520b30e946fdadd8f3c9c7bf79fa48dc47ac6c6e1d4f8dca2f254c240c9d3267ca55f7ea
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext
-