General
Target: a4ee7245c26b8c1a3cbfc76f09784ecc5afff56472e1fee2abc03550ab4c2737
Size: 381KB
Sample: 220521-pg7axsaedr
MD5: 8459ba8d1aedecff6713662c4e443945
SHA1: b521213c735aecbb5111611c17d31390ce249280
SHA256: a4ee7245c26b8c1a3cbfc76f09784ecc5afff56472e1fee2abc03550ab4c2737
SHA512: 34b4eee707c52fa788e66591cb5124cf60eefe1ae253dcfd3875a627d587df99f25c96f7d0fe91a14438448fa1d0cee43c9a645c57f25f0542da697655f0c728
Static task: static1
Behavioral task: behavioral1
  Sample: Ch2sZ3JEobY0pea.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Ch2sZ3JEobY0pea.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: smtp.lettu.us
  Port: 587
  Username: hr@lettu.us
  Password: western2020@
Targets
Target: Ch2sZ3JEobY0pea.exe
Size: 413KB
MD5: 173056e19556d0588365ede4e8080733
SHA1: 599f827a51bf2de5af85f2d10ebae4a89901ae12
SHA256: 3f8c2a8d34d7d3f61451ea1beb9d9671cc50aa2cbe39d700a08d0215b8b7163b
SHA512: 611ecdaca3886d2a6b070ef9b7f58dee5ff40ba7a37934324e25c8d94d2c04475941a220b5e323883a596f947cb31f39bcb06dac879dc007e121a3e5b9f669d4
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext