General
Target: 4774f1a474d46ccab2dd8608a78d41f9cc0365c7f106608641c33a46c9fe86e3
Size: 313KB
Sample: 220521-nb2mtaddf4
MD5: 1d31a19b07378a7745a685d094737e97
SHA1: 07897e3c1a0d2e6874df1b777a5b7c690b1dd510
SHA256: 4774f1a474d46ccab2dd8608a78d41f9cc0365c7f106608641c33a46c9fe86e3
SHA512: 7385b938ea2f6f035f46b0e92c21b600189d9761ab4238d41844ac52483cf0189565110ada706c278e6a01f37aa6ec9f374dcc3ee789ca5ee24eff30e348860b
Static task: static1
Behavioral task: behavioral1
Sample: Candidate_list.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Candidate_list.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.prime-lawfirm.com
Port: 587
Username: batoul@prime-lawfirm.com
Password: P@ssword201?
Targets
Target: Candidate_list.exe
Size: 331KB
MD5: db1cba646f5432bc3e528e9d67f9fc01
SHA1: 0f5d941c986623b79484fdde2ce0d8f278163956
SHA256: 75ce329091d54aa2fcf6cd6f58704493e0f4ac878279c49db239140051341931
SHA512: 9a51cb0c4e1d9803cbc38f816d44a3ddb8d0f74a7d84a27465f94242e1a2cf926abd8b7a8048e9ced176c0a855a770daee6d89c128e88d49626413b866c6ee90
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext