General
- Target: cdb8a322e0a86edb8143e99684c86c0468f94f185ed323807b78faeef83bbe09
- Size: 355KB
- Sample: 220521-nzq6zsedb7
- MD5: 7d29d7bc56de96fe885e5d592ae897b2
- SHA1: 683a504a97bb46c0987a452c4a2615666fcdfd29
- SHA256: cdb8a322e0a86edb8143e99684c86c0468f94f185ed323807b78faeef83bbe09
- SHA512: bebde4eba0131389c6046020e3bab93884788416830d76e9f45edd52ce332f14a0f62aa6cdf3c5aaeb4310c1f4270b8fac254f18a3c1bec71fff6e8d6ab8fc98
Static task: static1
Behavioral task: behavioral1
- Sample: cdb8a322e0a86edb8143e99684c86c0468f94f185ed323807b78faeef83bbe09.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: cdb8a322e0a86edb8143e99684c86c0468f94f185ed323807b78faeef83bbe09.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.mttfxgroup.com
- Port: 587
- Username: albert.edwards@mttfxgroup.com
- Password: Logistics22
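The SMTP block is the operationally useful part of an Agent Tesla config: the host and port are the network destination for stolen data, and the username is the mailbox the stealer authenticates to, often a compromised legitimate account, so it is an incident for the owning organisation as well as for the victim. The following Python is added here as an example; it is not part of the sandbox report or of any sandbox tooling. It parses the five fields as the report's text export flattens them ('Key: value - Key:' fragments with arbitrary line wraps; the same parser accepts the one-field-per-line layout), derives IOCs, emits two Suricata rules (a DNS-lookup rule and a TLS-SNI rule; the sid range and the assumption that Suricata's SMTP parser follows the STARTTLS upgrade on port 587 are mine) and flags matching sessions in a handful of Zeek ssl.log-style records that are constructed for the example, not taken from the sandbox run.

```python
"""Turn an extracted Agent Tesla SMTP config into detection artifacts (added example)."""
import re
from dataclasses import dataclass

# The 'Malware Config' block as the sandbox text export flattens it:
# 'Key: value - Key:' fragments wrapped at arbitrary points.
RAW_CONFIG = """Protocol: smtp- Host:
smtp.mttfxgroup.com - Port:
587 - Username:
albert.edwards@mttfxgroup.com - Password:
Logistics22"""

CONFIG_KEYS = ("Protocol", "Host", "Port", "Username", "Password")


def parse_agenttesla_config(raw: str) -> dict:
    """Parse the config block into {key: value}.

    Lines are rejoined first because the wrap points are arbitrary; the text
    is then split on each known 'Key:' label, swallowing the optional ' - '
    separator in front of it. Works for the flattened and the one-field-per-
    line layout alike. Missing keys raise instead of yielding a partial IOC set.
    """
    flat = " ".join(line.strip() for line in raw.splitlines())
    label = re.compile(r"\s*-?\s*(" + "|".join(CONFIG_KEYS) + r"):\s*")
    parts = label.split(flat)
    if parts[0].strip():
        raise ValueError(f"unexpected text before first key: {parts[0]!r}")
    cfg = {k: v.strip() for k, v in zip(parts[1::2], parts[2::2])}
    missing = [k for k in CONFIG_KEYS if k not in cfg]
    if missing:
        raise ValueError(f"config lacks keys: {missing}")
    return cfg


@dataclass(frozen=True)
class ExfilIocs:
    host: str      # SMTP server the stealer connects to
    port: int      # submission port from the config (587 here)
    account: str   # mailbox the stealer authenticates as
    domain: str    # organisation that owns that mailbox


def derive_iocs(cfg: dict) -> ExfilIocs:
    account = cfg["Username"].lower()
    return ExfilIocs(
        host=cfg["Host"].lower(),
        port=int(cfg["Port"]),
        account=account,
        domain=account.rsplit("@", 1)[-1],
    )


def suricata_rules(iocs: ExfilIocs, base_sid: int = 9000001) -> list:
    """DNS-lookup and TLS-SNI rules for the exfil host.

    The sid range is assumed to be free for local rules. The tls rule relies on
    Suricata following the STARTTLS upgrade inside the SMTP session on 587.
    """
    dns = (f'alert dns $HOME_NET any -> any any (msg:"Agent Tesla exfil host lookup {iocs.host}"; '
           f'dns.query; content:"{iocs.host}"; nocase; endswith; sid:{base_sid}; rev:1;)')
    tls = (f'alert tls $HOME_NET any -> any {iocs.port} (msg:"Agent Tesla SMTP exfil to {iocs.host}"; '
           f'tls.sni; content:"{iocs.host}"; nocase; endswith; sid:{base_sid + 1}; rev:1;)')
    return [dns, tls]


# Constructed Zeek ssl.log-style records for the example; not from the sandbox run.
SAMPLE_TLS_EVENTS = [
    {"id.orig_h": "10.0.0.21", "id.resp_h": "203.0.113.10", "id.resp_p": 587, "server_name": "smtp.mttfxgroup.com"},
    {"id.orig_h": "10.0.0.21", "id.resp_h": "198.51.100.5", "id.resp_p": 587, "server_name": "smtp.office365.com"},
    {"id.orig_h": "10.0.0.33", "id.resp_h": "203.0.113.10", "id.resp_p": 465, "server_name": "SMTP.MTTFXGROUP.COM"},
]


def flag_connections(events, iocs: ExfilIocs) -> list:
    """Return (client, dst_port, port_matches_config) for every TLS session whose
    SNI is the exfil host. Matching is on host alone: the port can differ per
    build, the mail server the credentials belong to cannot."""
    hits = []
    for ev in events:
        if ev.get("server_name", "").lower() == iocs.host:
            hits.append((ev["id.orig_h"], ev["id.resp_p"], ev["id.resp_p"] == iocs.port))
    return hits


if __name__ == "__main__":
    iocs = derive_iocs(parse_agenttesla_config(RAW_CONFIG))
    print(iocs)
    print("\n".join(suricata_rules(iocs)))
    for hit in flag_connections(SAMPLE_TLS_EVENTS, iocs):
        print("exfil session:", hit)
```

Treat the password as an indicator for the mailbox owner's incident response, not as something to test against smtp.mttfxgroup.com: authenticating to a third party's mail server with recovered credentials is unauthorised access whatever the intent. The third sample record above hits on host but not on port, which is why the port comparison is reported alongside the match rather than used as a filter.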
Targets
- Target: cdb8a322e0a86edb8143e99684c86c0468f94f185ed323807b78faeef83bbe09
- AgentTesla
  Agent Tesla is a .NET remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. It harvests saved credentials from browsers, mail and FTP clients and sends them to an attacker-controlled mailbox or server; the configuration extracted above shows this build exfiltrating over SMTP.
  Signatures matched:
  - AgentTesla Payload
  - Accesses Microsoft Outlook profiles (reads stored Outlook account settings to harvest mail credentials)
  - Adds Run key to start application (persistence through a Software\Microsoft\Windows\CurrentVersion\Run value)
  - Suspicious use of SetThreadContext (the API used to redirect a thread's entry point, typical of process hollowing and other injection)