General
Target: 57a86028ddeb27c9c8a20f83ac654c84dd15e1403721cd457f4af1c7590c86ff
Size: 368KB
Sample: 220521-n2yzlshfdk
MD5: 41778a8618692a0b88cf4b07a47f5a5c
SHA1: aaf24f42b58e730e3caba94a6adf58950fe970b8
SHA256: 57a86028ddeb27c9c8a20f83ac654c84dd15e1403721cd457f4af1c7590c86ff
SHA512: bdb058a05d367fae3aa4a243e224ac207207a1a60bcf3fb103170f9545f41e35c6fe9ee854236eb64fd3dc2f949eb90e4a6cf2fb352f6090fe759848b57a94f9
Static task: static1
Behavioral task: behavioral1
Sample: 11.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 11.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.umgservicios.com
Port: 587
Username: [email protected]
Password: hOZ6c6%@I6bRL$0u
Targets
Target: 11.exe
Size: 644KB
MD5: 4176633e6210384b6cc59d563f094fba
SHA1: f38ce8ae0c6c9b4762c547fc0e38c01617706da3
SHA256: e93ac650630bc4b2eab3909ddd47aaa87fec1fc013657039a5c2c1e15fc5d2a2
SHA512: e885fed8c46f9c83eb42ea2d34f48338c4fcbff0d97c8692d9bc3649f991e7c63be571b5d2361d8da7dcd471f44a00b43481940bc8ae837baf291cd5de25e521
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext