General
Target: 90fed91d6f0a7ffa94dffcc50c42d4a9e2fcaa7c6e4a77b7ea71c5d2e13f6fca
Size: 365KB
Sample: 220521-nrq61seaf3
MD5: 8e114d12df463fc74ccdfa9b0dc14ce1
SHA1: 3b011c23c9b6bd13ba16f60ac65c56c5a8327747
SHA256: 90fed91d6f0a7ffa94dffcc50c42d4a9e2fcaa7c6e4a77b7ea71c5d2e13f6fca
SHA512: 9b2a46d66ff65490ace96982a1bd215c3825a524407b909d697a8bc1e83bc523d546dca0db6b4064e3723c8414fa80340e1b7238e4ecd009a880cc6a81a57777
Static task: static1
Behavioral task: behavioral1
Sample: #Inv-037120.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: #Inv-037120.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.wizzysurelinks.today
Port: 587
Username: amaco@wizzysurelinks.today
Password: amaco@123
Targets
Target: #Inv-037120.exe
Size: 403KB
MD5: 7299f2b3c1449cde81e84f16fe83d21a
SHA1: 30df30cc63deef9775a7b18763e4f30842b38b3c
SHA256: 7dc71a918e6d07b0aef89e3daa567b18b133b9822911d21c38a94bed790ee12a
SHA512: 4c8d7a00d4a0cb5a2894dc8db9a81e98faf85d8ae60e7fcda56e23b4683bd87e6fcdf332ce9341bbd55dd57a364b90de7d6e2b2dd5d6f0c6caaa1290a6553741
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Drops startup file
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext