General
Target: 90b6a73c829a060af416d82d5c82773928077d4f05ed95080e6da64148bf0675
Size: 470KB
Sample: 220521-n14tgaedg5
MD5: cb13df63bbc9255a683738d551b515f8
SHA1: c44ef62a98e5a3f2e39c6b72d40f6cb427b0b04b
SHA256: 90b6a73c829a060af416d82d5c82773928077d4f05ed95080e6da64148bf0675
SHA512: 4d17f2c21ed8225595a65b6671091a6777490f9f91d0224330bccb3f384df4e7c8c0dd68a2ccaaeea364d2e727be4a096cbafa24884c3ce08d39b885a1048bf9
Static task: static1
Behavioral task: behavioral1
Sample: Statement Account - MAY 2020-pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Statement Account - MAY 2020-pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.hitechnocrats.com
Port: 587
Username: [email protected]
Password: tnbJ_YL&GmP}
Targets
Target: Statement Account - MAY 2020-pdf.exe
Size: 755KB
MD5: fbb290fd8d65ca723cf81a9f9ed20c02
SHA1: b73f0725cb29eb6f1abcc3ea86f792f8d3c2d8b0
SHA256: d146eb20c0c3745f4e74267f468a4fc870c1639b48bdd634d10f82856e7b59e9
SHA512: ccfaee8f96a8b6753a965e0eda2c49a81d4d7c5ec1c901bab38d7db2ebb446acca62600c8e4ceeb3ba8b87bb293c8dfc7e872ab38c96e9b6363eac07d2d06c7b
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-