General
-
Target
c3e4ef601f74d417fc6eb43f476a53e99c61f78b3890205b9d51ca9896eea229
-
Size
352KB
-
Sample
220521-n1bgxshefn
-
MD5
2525beb5c8adfa8d81efd475963d5c66
-
SHA1
f267beef8064d09ce8aaa42b2c3157be02238036
-
SHA256
c3e4ef601f74d417fc6eb43f476a53e99c61f78b3890205b9d51ca9896eea229
-
SHA512
81d899712067a8a2734812d92ff0ff00075e61efa294ec20193798d108467894a6ea152270764d0e3dcf6543a9255c268812906f20b4fa3ef5297c0b7ef7f334
Static task
static1
Behavioral task
behavioral1
Sample
Our Comapny Profile.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Our Comapny Profile.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: Dmacdavid
Targets
-
Target
Our Comapny Profile.exe
-
Size
511KB
-
MD5
dffe94f322f08bfa232ec74132bba4dc
-
SHA1
295f6e2d6ba25039dc7e060f58cca62e76a3cea9
-
SHA256
c7b49d64f3d9a7201d376c1c85085e8aed8b2911e0a7049047a6e8df62e0d70b
-
SHA512
96c86b0a473cccf48b8efa032331573a9fa948b09227f8f0902da8b11b761cd36021b524fd569f26cfcac1fa7b6f04e8df9e09ab440d3339205982c5e5af6939
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-