General
-
Target
bd7e71e407a242539dad024ecc99d63a5ef59d17ab9df2e97255f8f6c69a86bf
-
Size
461KB
-
Sample
220521-n1gc6shegl
-
MD5
a507ea5ae3d01e11364f827116e1c8d5
-
SHA1
863133be01d4e7cf946939f5602f2398c40084e6
-
SHA256
bd7e71e407a242539dad024ecc99d63a5ef59d17ab9df2e97255f8f6c69a86bf
-
SHA512
3159430bcf387cd7e0c88679afe3c44f60d905fdbd65fcff5cc00b53c36316124989e29d12d7f2007dc5c7398252fa147124d2fe73f03fe87f238593fdb01468
Static task
static1
Behavioral task
behavioral1
Sample
scan_956765768748898-sn-58787.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
scan_956765768748898-sn-58787.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.legalcounselbd.com
Port: 587
Username: info@legalcounselbd.com
Password: Someone1234
Targets
-
-
Target
scan_956765768748898-sn-58787.exe
-
Size
901KB
-
MD5
ee41e40c46f008bf352e1c1f4bd7b160
-
SHA1
e2d985ef6d0558f022618cdf617bd991f0db4d11
-
SHA256
6830bfac98064f3af0a998d45d34bb9db0cb5499f22f9efd7afe7f59b294f25f
-
SHA512
41127dc8059a19da2db4ba9c4e1bf6e5249897978978e2ed7d6c634188fcf4f17a642ce1d34d6ff9cf41fd683607c867d2f773646eb77a5399fd853a28354654
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-