General
Target: 573fb8cdbeb3c46d834a161615346b9bc2e2d884f3c5b135d0528748489718a9
Size: 356KB
Sample: 220521-n7288ahhhk
MD5: 06decb405db1699986008253f9626841
SHA1: 7b8a257e62435bd68791e8bcad2b2c0abb0a2fc4
SHA256: 573fb8cdbeb3c46d834a161615346b9bc2e2d884f3c5b135d0528748489718a9
SHA512: 66f33c16dd3cdca30f1f11de8c47ede846e6f3e3198b7df33c517ef22a412a7ec981ef682a531cba4c60d2b95173ab92b4c0ce1a259e44da4833d3aefbaebe39
Static task: static1
Behavioral task: behavioral1
Sample: ce10gm3d.swj.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: ce10gm3d.swj.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.waman.in
Port: 587
Username: enquiry@waman.in
Password: enquiry@2020
Targets
Target: ce10gm3d.swj.exe
Size: 427KB
MD5: dce31d2eba49d580496fcb3124397a46
SHA1: 93a9faa46033fd2513cdb5f621cd4b7038351867
SHA256: 847c47a4c1a5db11dd89626915bb922f8213bb5ab61d449857fbf62660a63dda
SHA512: 58340a4253882df7c02518ed41fc12c5aa713e71ec19f0e136b354712dcfe84424960e4edb6bd8e96f0966eda3f0be1a9306b584deb4a477afcbbfec0207e925
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext