General
Target: d4bc55a7eebee915f86f2beb1347f613654a33d0797ac10e1e58a94614a7e408
Size: 440KB
Sample: 220521-nzdkwshebn
MD5: 96492b77de3c6d0f6445bb9bf17d3e42
SHA1: 3bb890fc74cc6716955aee45e8ad98ea397918f3
SHA256: d4bc55a7eebee915f86f2beb1347f613654a33d0797ac10e1e58a94614a7e408
SHA512: 4f1dba6ef81f3e9bf241cde558924a36e61868e389e1e345f25166b48a570f0caa7b914b1798430b5fb52672a950afe6a1b88d9cf864dfc8299670ccc69e9461
Static task: static1
Behavioral task: behavioral1
  Sample: DOCUMENTS.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: DOCUMENTS.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: midnapore@mpjewellers.com
Password: mpjw2013
Targets
Target: DOCUMENTS.exe
Size: 459KB
MD5: ab454b4f47b4848029dcc17081b020e5
SHA1: 455a51a8baaf8e200ad26868763d616bcba760de
SHA256: 33708f02e31c62d1b986589982e4e1c4f381089b67276d395a0e74c995a1e822
SHA512: e9f254a2ed7835a0b83553caab55347d99f51d7aeb4ee54fcfdc8dafc89a47feec9eb663d008f9ba40ee01b2e8f97c529cac3be4f282d863db07968a5f236a4a
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext