General
-
Target
6c41eced15789027c6adf79782febf552ee38890d5f09acbfcfe0b3df18d3013
-
Size
399KB
-
Sample
220521-n6lj3shhbn
-
MD5
0ab7f5cfbb690ce2ea70ff4642d26778
-
SHA1
4ab2fe1523b2696a0021e7fe92d4796482c86836
-
SHA256
6c41eced15789027c6adf79782febf552ee38890d5f09acbfcfe0b3df18d3013
-
SHA512
dea6b25ee2f2462652d88e8a1c9138090de422e0d8d1bf6d7d5d8883c6c4cbb8b169dfddd92844cb14209eba9c50e79c89e788bfc821fb00637948a633191149
Static task
static1
Behavioral task
behavioral1
Sample
05-18-2020 ((GPI) S.A.R.L..exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
05-18-2020 ((GPI) S.A.R.L..exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
Mummy212
Targets
-
-
Target
05-18-2020 ((GPI) S.A.R.L..exe
-
Size
451KB
-
MD5
5e8810a4781f34b1ed9a27a2333f4fe3
-
SHA1
1992030b2e85474d8236fd40c3e2bfd7ef45b8b5
-
SHA256
1c8fe3e075feed316c0015bb98b9ff39595937fbb83ab917da54bf03ec13d701
-
SHA512
7d204b4bfe652b61963ff1d74ec49eb67c86ee95503770ccac9588a7ec0a3dcca0db02fbb9e21a60c3895fc796f96aba11bfc4d7549518c173ba7b02be7b112f
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-