General
Target: e3afa6bdd57ef6d0c322198de7b83fcb8cc96fe666e875a42502443c251465db
Size: 856KB
Sample: 220521-ndtd8agfdl
MD5: 92151d9c5f9cc46978dbb28cf093f2e6
SHA1: 62c990a943384ba6d1aba9a67e135d50e46c01f9
SHA256: e3afa6bdd57ef6d0c322198de7b83fcb8cc96fe666e875a42502443c251465db
SHA512: cbb746ba8c0534bb3ff912efa90f199a7d5223d483b3e7bb71ad43931c28580286ee9cc0af2654238f0af06c40c62279a545987deeedf4475ddf238858af4f9c
Static task: static1
Behavioral task: behavioral1
  Sample: Our Ref MIDLGB31 (2).exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Our Ref MIDLGB31 (2).exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted (agenttesla)
  Protocol: smtp
  Host: mail.framafilms.com
  Port: 587
  Username: [email protected]
  Password: lister11
Targets
Target: Our Ref MIDLGB31 (2).exe
Size: 1.1MB
MD5: 2aecc1b520754fc969b230fe021f1889
SHA1: 9ac39bf5017c6d23433723b55d869856e138e54d
SHA256: 6c78a32328d131b8e75b30321d925c1e11d38416e744329d4a333822e4cfb7ec
SHA512: 97c62f93147a1fd6dbb4e77f54e675ea61a9f99e31998d9577b857d260d4a81f1cdc13aa3be878b43dfac50861d8d8875a0cb2fe330a15ad5b8d4e550daaef13
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext