General
-
Target
dfce27237aa50062f8823b9a8bf6695c7e849681283a3e1b2e9367bccb6a8af5
-
Size
1.0MB
-
Sample
220521-nwxjlahchp
-
MD5
9738d0194e39981c4c29391fe86a8614
-
SHA1
a9511fd477df832bdece6641fcd72df94f8ed016
-
SHA256
dfce27237aa50062f8823b9a8bf6695c7e849681283a3e1b2e9367bccb6a8af5
-
SHA512
7738236ef72c91cf382c589090f7c9bcd2e128b4bc2186aee5559a18ccbe91bbe7c8ca73657340ad83d56499a9a107403ae2b1afff926f8bd30d070ade1a30fe
Static task
static1
Behavioral task
behavioral1
Sample
dfce27237aa50062f8823b9a8bf6695c7e849681283a3e1b2e9367bccb6a8af5.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
dfce27237aa50062f8823b9a8bf6695c7e849681283a3e1b2e9367bccb6a8af5.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol
smtp
-
Host
mail.jayshreefertiliser.com
-
Port
587
-
Username
stores@jayshreefertiliser.com
-
Password
jcf1961
Targets
-
-
Target
dfce27237aa50062f8823b9a8bf6695c7e849681283a3e1b2e9367bccb6a8af5
-
Size
1.0MB
-
MD5
9738d0194e39981c4c29391fe86a8614
-
SHA1
a9511fd477df832bdece6641fcd72df94f8ed016
-
SHA256
dfce27237aa50062f8823b9a8bf6695c7e849681283a3e1b2e9367bccb6a8af5
-
SHA512
7738236ef72c91cf382c589090f7c9bcd2e128b4bc2186aee5559a18ccbe91bbe7c8ca73657340ad83d56499a9a107403ae2b1afff926f8bd30d070ade1a30fe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-