General
- Target: a1e55d9bc9975c6df2811c6888d3c12273000f56ccb2de4b27e759996efa8ce8
- Size: 574KB
- Sample: 220521-nbpcgsdde2
- MD5: 6df534f8d9c8fad449e3281e0f538c07
- SHA1: 457c6d00b93c982d0e8028f26d5015b3b0e8abf0
- SHA256: a1e55d9bc9975c6df2811c6888d3c12273000f56ccb2de4b27e759996efa8ce8
- SHA512: 36f2b621bcf249f10076bd652af8aee45ea017380bb02c15c5598a68f171cb317bb48ecfc13f6608d3452faa1381d97c4300956677c21223b1ea16aff4e0891d
Static task: static1
Behavioral task: behavioral1
- Sample: APO-074787648.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: APO-074787648.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.clrakmheu.com
- Port: 587
- Username: svenvangermain@clrakmheu.com
- Password: GDXAP$m2
Targets
- Target: APO-074787648.exe
- Size: 633KB
- MD5: fe7198b7b35c587907c7ba606030d496
- SHA1: 54facfc747474a4f6948df9f42e80eb2a0063f36
- SHA256: 88064a6ead6d60e5bc743ec981c2d608b79d357d46bf2ec39a05fa3831fc436b
- SHA512: d3a741960d49127482f02c092dacb75636018604746f3beda7c7fa53e0da68d36c3728832476f9ebf9795837cff07bb9a09e5d6f600e7374217241142b15304e
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext