General
-
Target
a2de75bd212c3e8f5c1695819f8d26c413760b56714f52e80bb65322588aca9b
-
Size
534KB
-
Sample
220521-nbmtnagecr
-
MD5
5ed34bfd2123a86a9e7a4b8efdfbcc68
-
SHA1
f23290392ef3bc8f85495749ac4e781578bb041d
-
SHA256
a2de75bd212c3e8f5c1695819f8d26c413760b56714f52e80bb65322588aca9b
-
SHA512
60bdcc20e2fd267815f6dbb702cf37d5c182e2e70338a7c79c7eb2aeba14d82add1190e07125af81ac6ea1f9be9655fca50e9955958efeb83e6dba6a8a7d280a
Static task
static1
Behavioral task
behavioral1
Sample
P O...exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
P O...exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.mystboutiquehotel.com
Port: 587
Username: info@mystboutiquehotel.com
Password: 1Ie0S;gWe&A$
Targets
-
-
Target
P O...exe
-
Size
852KB
-
MD5
0facb0cb843664cf5356376b53fbfdc3
-
SHA1
210b53bed909d7a44785e59f4f0fda0e1287f736
-
SHA256
0c04fa0c37294770f966ab9f8e848e45c574364e07b0c27e062e79ca8fd6a46d
-
SHA512
4a100b0c1992b3df28e4b00cede252443083e4d9d3317e02bc9710c59ae6a6070d0892be61afe31993a18803092bbb5e2e09ceac57790835ee99941ff0bfd984
-
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic .NET; the configuration extracted from this sample shows it reporting to its operator over SMTP.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
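As an added example (the report itself carries no code), the following Python turns the extracted configuration and the listed signatures into hunting checks: it parses the flattened config block into fields, matches Sysmon-style network-connection (EventID 3) and registry-value-set (EventID 13) events against the SMTP drop host and port and against Run-key persistence, and checks a SHA256 against the two file hashes in the report. The Sysmon field names and the sample events are assumptions constructed for illustration, and the executable path in them is a placeholder, since the report shows the dropped file's name only as "P O...exe".

```python
"""Hunting helpers derived from the Triage report above.

Added example, not part of the report. The events below are constructed
Sysmon-style records (EventID 3 = network connection, EventID 13 =
registry value set); the field names follow Sysmon's schema, which is an
assumption about the reader's telemetry, not something the report states.
"""
import re
from typing import Dict, List

# Copied verbatim from the report's "Malware Config / Extracted" block,
# in the flattened form the page shows it.
EXTRACTED_CONFIG = """Protocol: smtp- Host:
mail.mystboutiquehotel.com - Port:
587 - Username:
info@mystboutiquehotel.com - Password:
1Ie0S;gWe&A$"""

# SHA256 of the outer sample and of the dropped "P O...exe", from the report.
REPORT_SHA256 = {
    "a2de75bd212c3e8f5c1695819f8d26c413760b56714f52e80bb65322588aca9b",
    "0c04fa0c37294770f966ab9f8e848e45c574364e07b0c27e062e79ca8fd6a46d",
}

CONFIG_KEYS = ("Protocol", "Host", "Port", "Username", "Password")
_KEY_ALT = "|".join(CONFIG_KEYS)
# "Key: value" pairs separated by a dash; the separator is "smtp- Host" in
# one place and " - " elsewhere, so the dash is optional and whitespace is
# collapsed first. Caveat: a value that itself ends in "-" would lose it.
_FIELD_RE = re.compile(r"(%s):\s*(.*?)\s*-?\s*(?=(?:%s):|$)" % (_KEY_ALT, _KEY_ALT))


def parse_config(text: str) -> Dict[str, str]:
    """Parse the flattened AgentTesla SMTP config into a dict of fields."""
    flat = " ".join(text.split())
    fields = dict(_FIELD_RE.findall(flat))
    missing = [k for k in CONFIG_KEYS if k not in fields]
    if missing:
        raise ValueError("config is missing fields: %s" % ", ".join(missing))
    return fields


# Persistence location named by the "Adds Run key" signature. HKCU and
# HKU\<SID> paths both end in this suffix, so match on the suffix only.
_RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.IGNORECASE
)


def is_smtp_exfil(event: dict, cfg: Dict[str, str]) -> bool:
    """Network connection to the configured drop mailbox host and port."""
    return (
        event.get("EventID") == 3
        and event.get("DestinationHostname", "").lower() == cfg["Host"].lower()
        and str(event.get("DestinationPort")) == cfg["Port"]
    )


def is_run_key_persistence(event: dict) -> bool:
    """Registry value written under a Run key."""
    return event.get("EventID") == 13 and bool(
        _RUN_KEY_RE.search(event.get("TargetObject", ""))
    )


def is_known_sample(sha256_hex: str) -> bool:
    """True if the hash is one of the two files listed in the report."""
    return sha256_hex.strip().lower() in REPORT_SHA256


def hunt(events: List[dict], cfg: Dict[str, str]) -> List[str]:
    """Label every event that matches one of the report's indicators."""
    hits = []
    for e in events:
        if is_smtp_exfil(e, cfg):
            hits.append("smtp-exfil: %s -> %s:%s" % (e.get("Image"), cfg["Host"], cfg["Port"]))
        if is_run_key_persistence(e):
            hits.append("run-key-persistence: %s = %s" % (e["TargetObject"], e.get("Details")))
    return hits


# Constructed sample telemetry. "sample.exe" is a placeholder path; the
# report shows the dropped file's name only as "P O...exe".
SAMPLE_EVENTS = [
    {"EventID": 3, "Image": r"C:\Users\victim\AppData\Roaming\sample.exe",
     "DestinationHostname": "mail.mystboutiquehotel.com", "DestinationPort": 587},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Roaming\sample.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\sample",
     "Details": r"C:\Users\victim\AppData\Roaming\sample.exe"},
    # Benign mail submission on the same port to a different host: no hit.
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": 587},
    # Registry write outside a Run key: no hit.
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    config = parse_config(EXTRACTED_CONFIG)
    for hit in hunt(SAMPLE_EVENTS, config):
        print(hit)
```

Port 587 is the ordinary mail-submission port, so the host match, not the port, is what makes the network check specific; the benign Outlook event in the sample telemetry is there to show that. Note also that the extracted mailbox credentials belong to the operator's drop account, so the useful indicator from that block is the host and username, not the password.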