General
-
Target
a2327a7b96b2d900ad8081fc145a8c9ed81d55bff0e71a9b9db0c11969ee5fde
-
Size
374KB
-
Sample
220521-n3ex5ahfer
-
MD5
783117c5109242862f5b83a81014e4f6
-
SHA1
049403c4b7485065077f3a2da1ccfd08c4dc5073
-
SHA256
a2327a7b96b2d900ad8081fc145a8c9ed81d55bff0e71a9b9db0c11969ee5fde
-
SHA512
7cbbe26e74349f2ca0d53ecba6bfc28a833a3c80d2abac354b5a1e8a243e5996c6bc903a24ea70ca555ae063bbde839c7fd311b6450652e3f5547b6095b340e1
Static task
static1
Behavioral task
behavioral1
Sample
Account Details.docx.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Account Details.docx.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: twire.icu
Port: 587
Username: [email protected]
Password: Amarachi@#$
Targets
-
-
Target
Account Details.docx.exe
-
Size
406KB
-
MD5
3fd221aa6a0d95df5894e38a16cfecf1
-
SHA1
a44d376a9aae6eeb368396925ab82a81e1b8f4c1
-
SHA256
47279cbd996ae6cd51c09c77529472475d50b0f8aaf3a092bdd1f53a3f94e61f
-
SHA512
7dfe2f5fac7bc9ff66bcb5710f3a8b60713713d93059b3536dac2e1e7f4ba33245c5fe9ecb9de0b6b36e1910ca4c5ec320fc135ff25138314929ea0525e913b5
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-