General
- Target: 43f06e8665afbd1a8ad5b69a0e37973705b6e21863e082642bb57ebd0eb404f2
- Size: 511KB
- Sample: 220521-pb5vxaabhm
- MD5: aa433a051f22cf87bb3c2475da5d287f
- SHA1: c02e62512bcf6ad02ca076f8a466cb4c9feb9556
- SHA256: 43f06e8665afbd1a8ad5b69a0e37973705b6e21863e082642bb57ebd0eb404f2
- SHA512: 7a324faf359d606d0ba088bd807cab8adb36b6cb10cab24314cc0f63d24e85938bd035c28ed6b3533a3f18f0ac314bb19aaf3a155b8f0f43ed716490a488b3a2
Static task: static1
Behavioral task: behavioral1
- Sample: Payment Ref MT 103 #45980238001.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Payment Ref MT 103 #45980238001.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.chaikistomato.us
- Port: 587
- Username: humberto2@chaikistomato.us
- Password: MNAKJus@1k2
Targets
- Target: Payment Ref MT 103 #45980238001.exe
- Size: 551KB
- MD5: 4a529abd1165507b2d18064fa1f1769e
- SHA1: 921df754e0ecd947b14a8b00af445ca566e6cd46
- SHA256: 9169d246ccab4d7206fd3a6d294c628d1e9b8ed33329cc025170f546a7c5671e
- SHA512: 9747c561bed5b2377a7596c7fe159d077143b40ecd8439d5af81d132cadfefd0b9cf7011941e271d6ccc7549e0379252ffcd91cb90d60aea8588934c2df2fe0b
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext