General
Target: f4849db5c662c4631ac333b87c539cb8c24f5639fe7d0447c77af1c6467bb1a3
Size: 891KB
Sample: 220521-mz4lmscge6
MD5: 440ced4fbb0e5a999cc1fb776c440a1f
SHA1: bdc0d4c0a3f3a13fa70fe9b6e65957495529d738
SHA256: f4849db5c662c4631ac333b87c539cb8c24f5639fe7d0447c77af1c6467bb1a3
SHA512: ccab352174efe2e885760088dca197e9880e137dc20daf3293948aea5fa57f77782d8430268dacfd5a6319b5bd8250358131a7b8fe2da5120ed4f599161ab088
Static task: static1
Behavioral task: behavioral1
  Sample: Machine PO3742020.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Machine PO3742020.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: ftp
  Host: ftp://ftp.radarcncs.com/
  Port: 21
  Username: [email protected]
  Password: 8,4=M~_i,5NV
Targets
Target: Machine PO3742020.exe
Size: 933KB
MD5: 7c4973893485e12e5cc3a888d42b8518
SHA1: 21f6a5344a658ae2e79415f086d7663673e2d3c8
SHA256: 5ebbf9654d1eeecb0f4b71e3253d1420c131277d93af9a47150b9f631958fd8d
SHA512: 9fc1ddca8381913e5432611eefbe69375a4df9a425a9ea21304500047ef24c42cb7d0437b3010835a0fa401d932f711a86d8a38c4f058f98b79d4dbcbe8d8596
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext