General

Target: 8634e5af5bc6c5c8ccb908c130ced51ea0eb81e81e77740eafb5f7f8876026f3
Size: 325KB
Sample: 220521-n44b4shgdq
MD5: 55572d9e5ec7f55307802abab904e9ed
SHA1: 0a0011099bdde7e6aa1f239ba3b44bc798a1b38c
SHA256: 8634e5af5bc6c5c8ccb908c130ced51ea0eb81e81e77740eafb5f7f8876026f3
SHA512: 8e3f205f17b93f2086e88161523694e1c08faf1f3a9c97bbad5cd519195b03711d11c38a1e7178c0c4b6d9dfc6a43ac9b0941a3799c2122de6d7b911c6b0d76f
Static task: static1

Behavioral task: behavioral1
  Sample: Scan0002736.exe
  Resource: win7-20220414-en

Behavioral task: behavioral2
  Sample: Scan0002736.exe
  Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.westairconnect.website
Port: 587
Username: [email protected]
Password: L]O4YyMF8{oL
Targets

Target: Scan0002736.exe
Size: 493KB
MD5: 07642b41a1bdf645c2e746265a029751
SHA1: 3faa2e660d328cc0c1efd04712ce43fb46dea2ad
SHA256: af4614a203bf30b1a7d9cd1f3eb86ea531dd2f15849a69fd8df3f0502f58e4e1
SHA512: c8f95df3afc426a628e4dad2ee09d9d2c0b26d85a5c1136a774bb44ca6749dfdcb680945a4e8add1c29bf91105fdbaf01ebbcbe1fb463c798d19fed8e2a52929
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext