General
Target: 4a95ad144039c290db25b51521df85a238955038e966edfe024194c152cc6508
Size: 310KB
Sample: 220521-n8qxksaabp
MD5: 6a212a5f53c076c82ad272b9bd533777
SHA1: debac1b6e4fd762224e9e713f5a139b787626cb7
SHA256: 4a95ad144039c290db25b51521df85a238955038e966edfe024194c152cc6508
SHA512: fab336b8e284751a3e8129da6318ba8b9aa3306543d355b97b5b7619d21f6da33fbd507b36f25b0372b420b7d580332bf334f08f25ffe803cb548caf52b1a11f
Static task: static1
Behavioral task: behavioral1
  Sample: 9TJL3pzWGBA7xkb.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 9TJL3pzWGBA7xkb.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: tako.de.veth@boskelis.com
Password: b}j8vkJ5iJ##
Targets
Target: 9TJL3pzWGBA7xkb.exe
Size: 365KB
MD5: d32834409318e94aea5eb151ea817307
SHA1: e74338115d78491269e77512562fa05bce3d639e
SHA256: cddaba87c23bccb7f35195a872cbb5d719ec7fdc25c75743d63dcd416f2d0287
SHA512: 8a79a1237dc7203f8b75ab400eac509c41967035a38555a5586d745e3eab6d229d6716a42bf05e1f960ab176554f4930b0c1312b4550fa5d4f1d0cc83c867fbb
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext