General
Target: 16ba1ac62713b339860906be9a645724641f8c55dc9743f230632f107b694162
Size: 272KB
Sample: 220521-pbp5fsabgj
MD5: 11db2c5db12047d39a21673ed9247072
SHA1: 5d3a8fb6b1c6597369e6c0d13f4db67526c1507b
SHA256: 16ba1ac62713b339860906be9a645724641f8c55dc9743f230632f107b694162
SHA512: c5bcae719cca75a348ce249e16a4939f2aa0953a691a7c87e6f102481ff1921878f10d86e61abc351d5e830e98a9a49b14ae186696a1a82f7d4373fa60d2a873
Static task: static1
Behavioral task: behavioral1
Sample: PI 20-S880320V8.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: PI 20-S880320V8.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: sales2u-kcom.com@yandex.com
Password: ALIbaba123
These are the credentials of the attacker-controlled mailbox the stealer logs into to send stolen data (its SMTP exfiltration channel), not a victim's credentials. The host, port and username are the network indicators to hunt for in egress and mail-gateway logs.
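The config block above is printed by the sandbox as flattened text. The following Python is an added example, not part of the report or of any sandbox tooling: it parses that text into a structured record, derives the (host, port) indicators from it, and checks a connection log against them. REPORT_CONFIG is the config exactly as the report prints it; SAMPLE_LOG is constructed; the handling of ftp, http and telegram channels, and the default ports used when the extractor omits one, are generalisations beyond the SMTP case on this page.

```python
"""Build network indicators from a Triage 'Extracted agenttesla' config block and
check a connection log against them.

Added example; not part of the sandbox report. REPORT_CONFIG is the config text
exactly as the report prints it, SAMPLE_LOG is constructed, and the handling of
ftp/http/telegram channels is a generalisation beyond the report's SMTP case."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

REPORT_CONFIG = """Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
sales2u-kcom.com@yandex.com - Password:
ALIbaba123"""

# Constructed egress log: timestamp, source IP, destination host, destination port.
SAMPLE_LOG = """2022-05-21T10:02:11Z 10.0.0.15 smtp.yandex.com 587
2022-05-21T10:02:12Z 10.0.0.15 update.example.net 443
2022-05-21T10:03:40Z 10.0.0.22 smtp.yandex.com 465
2022-05-21T10:04:02Z 10.0.0.22 mail.example.net 587"""

# Field names the Agent Tesla config extractor emits across its exfil channels.
KNOWN_KEYS = ("Protocol", "Host", "Port", "Username", "Password", "Url", "Token", "ChatID")
_KEYS = "|".join(KNOWN_KEYS)
# "Key: value" pairs; a value ends at the next key (optionally preceded by the
# stray "- " separator the page extraction left behind) or at end of text.
FIELD_RE = re.compile(rf"({_KEYS}):\s*(.*?)\s*(?=-?\s*(?:{_KEYS}):|$)")


@dataclass
class ExfilConfig:
    protocol: str
    fields: dict = field(default_factory=dict)

    @property
    def network_iocs(self) -> set:
        """(host, port) pairs a defender should hunt for in egress logs."""
        f = self.fields
        if self.protocol in ("smtp", "ftp"):
            # Assumed defaults when the extractor omits the port: 587 (submission), 21 (ftp).
            default = 587 if self.protocol == "smtp" else 21
            return {(f["Host"].lower(), int(f.get("Port", default)))}
        if self.protocol == "http" and "Url" in f:
            u = urlparse(f["Url"])
            return {(u.hostname, u.port or (443 if u.scheme == "https" else 80))}
        if self.protocol == "telegram":
            return {("api.telegram.org", 443)}  # Bot API endpoint used by that channel
        return set()


def parse_agenttesla_config(text: str) -> ExfilConfig:
    """Parse the flattened report text into a structured config."""
    flat = " ".join(text.split())          # collapse the extraction's line breaks
    fields = dict(FIELD_RE.findall(flat))
    protocol = fields.pop("Protocol", "unknown").lower()
    return ExfilConfig(protocol, fields)


def match_connections(cfg: ExfilConfig, log_text: str) -> list:
    """Return (line, confidence) for log lines touching the exfil endpoint.

    'exact' = host and port match the config; 'host-only' = same host on another
    port, worth a look but a weaker signal on a shared mail provider."""
    wanted = cfg.network_iocs
    hosts = {h for h, _ in wanted}
    hits = []
    for line in log_text.strip().splitlines():
        _ts, _src, dst_host, dst_port = line.split()
        key = (dst_host.lower(), int(dst_port))
        if key in wanted:
            hits.append((line, "exact"))
        elif key[0] in hosts:
            hits.append((line, "host-only"))
    return hits


if __name__ == "__main__":
    cfg = parse_agenttesla_config(REPORT_CONFIG)
    print(cfg.protocol, cfg.fields, cfg.network_iocs)
    for line, level in match_connections(cfg, SAMPLE_LOG):
        print(f"[{level}] {line}")
```

Because smtp.yandex.com is a shared provider, the host alone is a weak indicator; the script therefore reports an exact host-and-port match separately from a host-only one, and the username from the config is what ties a mail-gateway or proxy log entry to this sample.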
Targets
Target: PI 20-S880320V8.exe
Size: 537KB
MD5: 93879252b2e0f720315a2bf4b7d8aaf8
SHA1: 7e281dd379a36d75243d4a4770061bac73f658de
SHA256: 6f881ac62ccc9fa3075114b64de262ef896ef9e14b4040e659fe7a362fe13362
SHA512: 9a03cbcae187a6b4a10585cfd1602ee57e50426a9cae248157f5c1c79267b0d1c089f847fc53d8cbf7273f9095f245b7c25a2db8b9361e2bc82aff2774cea929
Note that this executed target (537KB) is not the submitted file listed under General (272KB) and has different hashes; when sharing indicators, quote the hashes of the executable, not of the submission that contained it.
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic .NET.
AgentTesla Payload
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Accesses Microsoft Outlook profiles
The sample reads Outlook profile data stored under the user's registry hive, consistent with the family's harvesting of saved mail-client credentials.
Suspicious use of SetThreadContext
On its own SetThreadContext is also used by debuggers and exception handling; it is a strong indicator when it follows creation of a suspended child process and WriteProcessMemory into that child (process hollowing), the usual way this family starts its decrypted payload inside a legitimate-looking process.
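The "Suspicious use of SetThreadContext" signature is only meaningful in context. The following Python is an added example, not part of the report or of the sandbox: it walks a simplified API trace and raises an alert only for the full hollowing sequence (suspended CreateProcess, WriteProcessMemory into the child, SetThreadContext on its primary thread, ResumeThread) issued by the same parent, while a lone SetThreadContext from another process is ignored. The TRACE text, its pids, tids, addresses and the child image path are all constructed, and the trace format (handles already resolved to process and thread ids) is an assumption about the log, not a format any particular sandbox emits.

```python
"""Flag the process-hollowing sequence behind a 'Suspicious use of SetThreadContext'
hit in a sandbox API trace.

Added example; not part of the sandbox report. TRACE is a constructed trace in a
simplified 'pid api key=value ...' format; the child image path, pids, tids and
addresses are made up. Handle values are treated as if the sandbox had already
resolved them to process/thread ids (an assumption about the log format)."""
import re

CREATE_SUSPENDED = 0x4
# The write-then-redirect-then-resume core of hollowing, in the order it must occur.
HOLLOW_STEPS = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")

# Constructed trace: parent 3120 hollows a suspended child 3244; process 4410 is a
# benign control that touches its own thread context without any of the rest.
TRACE = """\
3120 CreateProcessW lpApplicationName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe" dwCreationFlags=0x4 -> pid=3244 tid=3248
3120 NtUnmapViewOfSection hProcess=3244
3120 VirtualAllocEx hProcess=3244 lpAddress=0x400000 dwSize=0x7e000 flProtect=0x40
3120 WriteProcessMemory hProcess=3244 lpBaseAddress=0x400000 nSize=0x7e000
3120 SetThreadContext hThread=3248
3120 ResumeThread hThread=3248
4410 SetThreadContext hThread=4416
4410 ResumeThread hThread=4416"""

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\s*(?P<rest>.*)$")
ARG_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_trace(text: str) -> list:
    """Turn trace lines into (caller_pid, api, {arg: value}) tuples."""
    events = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        args = {k: v.strip('"') for k, v in ARG_RE.findall(m.group("rest"))}
        events.append((int(m.group("pid")), m.group("api"), args))
    return events


def find_hollowing(events: list) -> list:
    """One alert per child that went suspended-create -> WriteProcessMemory ->
    SetThreadContext -> ResumeThread, all issued by the same parent."""
    children = {}   # child pid -> tracking state
    threads = {}    # primary thread id -> child pid
    alerts = []
    for pid, api, a in events:
        if api in ("CreateProcessW", "CreateProcessA") and "pid" in a:
            if int(a.get("dwCreationFlags", "0"), 0) & CREATE_SUSPENDED:
                child = int(a["pid"])
                children[child] = {"parent": pid, "image": a.get("lpApplicationName", "?"),
                                   "steps": [], "unmapped": False}
                if "tid" in a:
                    threads[int(a["tid"])] = child
            continue
        if "hProcess" in a:
            target = int(a["hProcess"])
        elif "hThread" in a:
            target = threads.get(int(a["hThread"]))
        else:
            continue
        state = children.get(target)
        if state is None or state["parent"] != pid:
            continue                  # not a suspended child of this caller: ignore
        if api == "NtUnmapViewOfSection":
            state["unmapped"] = True  # original image carved out: classic hollowing
        if api == "Wow64SetThreadContext":
            api = "SetThreadContext"  # same effect for a 32-bit child on 64-bit Windows
        done = len(state["steps"])
        if api in HOLLOW_STEPS and done < len(HOLLOW_STEPS) and HOLLOW_STEPS[done] == api:
            state["steps"].append(api)
            if len(state["steps"]) == len(HOLLOW_STEPS):
                alerts.append({"parent": pid, "child": target, "image": state["image"],
                               "unmapped": state["unmapped"]})
    return alerts


if __name__ == "__main__":
    for alert in find_hollowing(parse_trace(TRACE)):
        print(alert)
```

Requiring the steps in order and from the same parent is what keeps the benign SetThreadContext from process 4410 out of the alerts; the optional NtUnmapViewOfSection is recorded as a confidence booster rather than a requirement, since some loaders skip it and overwrite the mapped image in place.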