General
- Target: 7ffd507ca8450d0d6be84c4e7850490779aebf468089827a60a4e27b53e7aad4
- Size: 575KB
- Sample: 220521-nbtbfagedk
- MD5: 2d8e2f9c8e17c0875dcec97ff44e4ffa
- SHA1: 41cadf5d7b5b1ecc8db8f5c0df1ee38bcc1dc9d5
- SHA256: 7ffd507ca8450d0d6be84c4e7850490779aebf468089827a60a4e27b53e7aad4
- SHA512: 8b3af9fa9e693e865e9f4711e0500d0c9f9facb3c57723242b77aff64450d427870862a90fd803cfdce2ad5752e279c5baedd0126a98c35ee80c7766ef63a1ca
Static task: static1
Behavioral task: behavioral1
- Sample: fact.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: fact.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: bgisped.com
- Port: 587
- Username: szgindele@bgisped.com
- Password: Szylee(140187)!BGI.
Targets
- Target: fact.exe
- Size: 785KB
- MD5: cf2a60f920a03e42b763e0637574e37d
- SHA1: 9d9e525888c27fcdfe2eb5c2ef1e5c44a02c07a1
- SHA256: d2e102ec3fdd6dce78c5144da860990bdac37221341382343e949b9d80ec016f
- SHA512: a6f6a341bb2d2871542c45efa9c078bdc9cd28bb3af74c82e58215d722d43ab8cb7cd1d63d5c7e4d2a24786b9d71a6b1f3c9756fbbb6f8a37e1aeb9c76d2b326
- AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext