General
- Target: 666a33b99e5ae66edaca25a18343d5ff87c951c1adc3d6335dafd9362e9efffd
- Size: 400KB
- Sample: 220521-nbxc4adde8
- MD5: 9fd9423db745af75287b5b0efffca784
- SHA1: 62d143a8070ff73c10d113915dd89a70a38afb3b
- SHA256: 666a33b99e5ae66edaca25a18343d5ff87c951c1adc3d6335dafd9362e9efffd
- SHA512: 2190f898e4695467fd58fcc7f976ef193fa173e8e74eaf534b8470ce0f8552b7b27ce4485fb61fa51c8f9af69898ab9ca1e8a2fedcdf9695f25c4c3daeb13e3e
Static task: static1
Behavioral task: behavioral1
- Sample: Company Profile.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Company Profile.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.pharco--corp.com
- Port: 587
- Username: saleh.mohamed@pharco--corp.com
- Password: (UxyAlp7
Targets
- Target: Company Profile.exe
- Size: 486KB
- MD5: 4a737c6f3f3f896bf5042bffc61dbb94
- SHA1: 4badba2886a79ad102fb8926a6535890e496cff0
- SHA256: 6aabf54e49076a1e1ba3f8b06c90b86932585d7648151db9ea0a2c0c55d00dae
- SHA512: 0b2ac6c0d6e753b307f22d8a553f3e2e9b7c2f870e503359e191a72c56d49aac11728bcb85bfb51ad779f839ba497858ba6505b110c8f8b566681dfd652e9389
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext