General
Target: e29fe80330ae25051dc3e6432bd768d27732969e9896d337d35ada84a8069aeb
Size: 381KB
Sample: 220521-pegx9aadap
MD5: 9eae598ae1d53f51f46bd3267df64d56
SHA1: 4e8c09d84155dd818b59740eaa8bbcd1a1f2e40d
SHA256: e29fe80330ae25051dc3e6432bd768d27732969e9896d337d35ada84a8069aeb
SHA512: 6960fdd322280547dbe27e2c6343967e530712c3a462b2b79dc938355831e8a5ebb2985c1305a19467959799fc80a1b761cc9c70bffdb52c98744b77854f398d
Static task: static1
Behavioral task: behavioral1
Sample: report.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: report.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.epaindemgroup.com
Port: 587
Username: ekwe@epaindemgroup.com
Password: }bf9e+EW5s$k
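The extracted block above is the actionable part of this report: it is the mailbox the sample pushes stolen data to. The following is an added example (not part of the sandbox report or of any analysis tooling it uses) that parses the config exactly as the page flattens it, validates the fields, and derives indicators a blue team can hunt on, including the base64 form of the username that an SMTP AUTH LOGIN exchange puts on the wire. The re-embedded config text is copied from the page; the field-parsing regex and the redaction scheme are this example's own choices.

```python
"""Parse the flattened AgentTesla SMTP exfiltration config and derive IOCs."""
import base64
import re
from dataclasses import dataclass

# Constructed re-embedding of the "Extracted" block as the report page flattens
# it (key/value pairs run together with " - " separators across line breaks).
RAW_CONFIG = """agenttesla
Protocol: smtp- Host:
smtp.epaindemgroup.com - Port:
587 - Username:
ekwe@epaindemgroup.com - Password:
}bf9e+EW5s$k"""

KEYS = ("Protocol", "Host", "Port", "Username", "Password")
_KEY_ALT = "|".join(KEYS)
# Each value runs up to the next known key (or end of text); the optional
# " - " separator is swallowed so it never leaks into a value. A value that
# itself contains " - <Key>:" would be ambiguous in this flattened form.
_FIELD_RE = re.compile(rf"({_KEY_ALT}):\s*(.*?)\s*-?\s*(?=(?:{_KEY_ALT}):|$)")


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_agenttesla_smtp(block: str) -> SmtpExfilConfig:
    """Turn the flattened config text into a validated record."""
    lines = [ln.strip() for ln in block.strip().splitlines() if ln.strip()]
    if lines and lines[0].lower() == "agenttesla":  # family label line
        lines = lines[1:]
    flat = " ".join(lines)
    fields = dict(_FIELD_RE.findall(flat))
    missing = [k for k in KEYS if k not in fields]
    if missing:
        raise ValueError(f"config block is missing {missing}")
    if fields["Protocol"].lower() != "smtp":
        raise ValueError(f"unexpected protocol {fields['Protocol']!r}")
    port = int(fields["Port"])
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    return SmtpExfilConfig(
        protocol="smtp",
        host=fields["Host"].lower(),
        port=port,
        username=fields["Username"],
        password=fields["Password"],
    )


def redact(secret: str, keep: int = 2) -> str:
    """Keep a short prefix so analysts can correlate without sharing the secret."""
    return secret[:keep] + "*" * max(0, len(secret) - keep)


def iocs(cfg: SmtpExfilConfig) -> dict:
    """Indicators to block or hunt on. The base64 username is the literal token
    an SMTP AUTH LOGIN exchange sends, so it is usable as a network signature."""
    user_b64 = base64.b64encode(cfg.username.encode()).decode()
    return {
        "exfil_host": cfg.host,
        "exfil_port": cfg.port,
        "mailbox": cfg.username,
        "mailbox_domain": cfg.username.rsplit("@", 1)[-1].lower(),
        "password": redact(cfg.password),
        "auth_login_user_b64": user_b64,
    }


if __name__ == "__main__":
    for key, value in iocs(parse_agenttesla_smtp(RAW_CONFIG)).items():
        print(f"{key}: {value}")
```

The mailbox domain and the SMTP host are the same domain here, so the exfiltration mailbox is hosted on (or spoofs) epaindemgroup.com rather than a free webmail provider; that is worth noting when deciding whether the domain owner is the victim of a compromised account or the operator. Rotate the mailbox password and notify the provider rather than reusing the credentials to "inspect" the mailbox.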
Targets
Target: report.exe
Size: 434KB
MD5: b7282b547c6734d69aa84daa020640ec
SHA1: 764b453e1fb4dc58b11c194a4b2f7c936375b77f
SHA256: 1cca3f293c7942a4e189397953842dc4510cb9a25019de5e22134a629ae09ce6
SHA512: 469d4b7807fd1dc6c05eb22775b1f8fdefd7f71190f00d5451ea39ffe318ce6c3003f7e60aa6f6510d2a86c7eecdc89d8c6ecffab260441da98d5dbb922e2356
AgentTesla
Agent Tesla is a .NET-based information stealer with remote access tool (RAT) features: it harvests saved credentials from browsers, mail clients and FTP clients, logs keystrokes and clipboard contents, and exfiltrates over SMTP, FTP or HTTP (later builds also use Telegram). The extracted config shows this sample exfiltrates over SMTP to smtp.epaindemgroup.com on port 587 using the listed mailbox.
AgentTesla Payload
Accesses Microsoft Outlook profiles: reads the registry keys under which Outlook stores account profiles and saved mail credentials. This is the mail-client credential harvesting stage.
Suspicious use of SetThreadContext: rewriting the register context of a thread in another process (typically a child created suspended) is the step of process hollowing that redirects execution into injected code, so the payload runs inside a trusted host process.
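The two behavioural signatures are generic enough to turn into detections of your own. The following is an added example, not sandbox code and not part of this report: it runs over a constructed API-call trace (a hypothetical parent pid 1204 and child pid 1860; the tracer is assumed to have resolved each handle argument to the pid it refers to) and flags the cross-process SetThreadContext pattern, distinguishing the full suspended-create / WriteProcessMemory / SetThreadContext / ResumeThread hollowing sequence from a lone context change, and separately flags reads of the Outlook profile registry locations. The registry paths and the CREATE_SUSPENDED flag value come from Microsoft's documentation; everything in the trace is constructed.

```python
"""Detect the page's two behavioural signatures in an API-call trace."""
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit (Win32 docs)
CREATE_PROCESS_APIS = {"CreateProcessA", "CreateProcessW", "CreateProcessInternalW"}
# Registry locations where Outlook keeps account profiles: current Office
# builds under HKCU\Software\Microsoft\Office\<ver>\Outlook\Profiles and the
# legacy Windows Messaging Subsystem path.
OUTLOOK_PROFILE_MARKERS = (
    r"\Outlook\Profiles",
    r"\Windows Messaging Subsystem\Profiles",
)

# Constructed trace. Each record: calling pid, API name, the pid that the handle
# argument resolves to (assumed to be resolved by the tracer), plus extras.
TRACE = [
    {"pid": 1204, "api": "CreateProcessW", "target": 1860, "flags": CREATE_SUSPENDED},
    {"pid": 1204, "api": "NtUnmapViewOfSection", "target": 1860},
    {"pid": 1204, "api": "VirtualAllocEx", "target": 1860},
    {"pid": 1204, "api": "WriteProcessMemory", "target": 1860},
    {"pid": 1204, "api": "SetThreadContext", "target": 1860},
    {"pid": 1204, "api": "ResumeThread", "target": 1860},
    {"pid": 1204, "api": "RegOpenKeyExW", "target": 1204,
     "path": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    # A process adjusting one of its own threads: common in legitimate code.
    {"pid": 3001, "api": "SetThreadContext", "target": 3001},
]


def _first(apis, name):
    """Index of the first call named `name`, or None."""
    return apis.index(name) if name in apis else None


def find_set_thread_context(trace):
    """Map target pid -> (source pid, verdict) for cross-process SetThreadContext."""
    by_pair = defaultdict(list)
    for rec in trace:
        by_pair[(rec["pid"], rec["target"])].append(rec)
    findings = {}
    for (src, dst), calls in by_pair.items():
        if src == dst:
            continue  # own-thread context changes are not the hollowing pattern
        apis = [c["api"] for c in calls]
        if "SetThreadContext" not in apis:
            continue
        suspended = any(
            c["api"] in CREATE_PROCESS_APIS and (c.get("flags", 0) & CREATE_SUSPENDED)
            for c in calls
        )
        w = _first(apis, "WriteProcessMemory")
        s = _first(apis, "SetThreadContext")
        r = _first(apis, "ResumeThread")
        ordered = w is not None and r is not None and w < s < r
        if suspended and ordered:
            verdict = "process hollowing"
        else:
            verdict = "suspicious cross-process SetThreadContext"
        findings[dst] = (src, verdict)
    return findings


def find_outlook_profile_access(trace):
    """Sorted pids that open or query Outlook profile registry keys."""
    hits = set()
    for rec in trace:
        path = rec.get("path", "").lower()
        if rec["api"].startswith("Reg") and any(m.lower() in path for m in OUTLOOK_PROFILE_MARKERS):
            hits.add(rec["pid"])
    return sorted(hits)


if __name__ == "__main__":
    for pid, (src, verdict) in find_set_thread_context(TRACE).items():
        print(f"pid {src} -> pid {pid}: {verdict}")
    print("Outlook profile readers:", find_outlook_profile_access(TRACE))
```

The ordering check matters: WriteProcessMemory before SetThreadContext before ResumeThread is what separates hollowing from a debugger that also calls SetThreadContext on a foreign thread, so a lone context change is reported at lower confidence rather than dropped.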