General
Target: 7750f2133f4bd392a5757fa453e4a264b59049b9ef626881c7e730e1180995d6
Size: 275KB
Sample: 220521-pj24zsafdp
MD5: acb2dfb43d781a72ffe6db80d7d18418
SHA1: c4686ce2dbfdff72136f284106e9dca3e115936e
SHA256: 7750f2133f4bd392a5757fa453e4a264b59049b9ef626881c7e730e1180995d6
SHA512: 7d674eb1d109a82515660c35ea7e9d92b59d7fcc77578cd30dd4ed1e4f862e2d855e4591d41196d38e04b6e3b2b9bf42afc6c0d915931be3c468e548e01d3072

Static task: static1

Behavioral task: behavioral1
Sample: COMPANY PROFILE.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: COMPANY PROFILE.exe
Resource: win10v2004-20220414-en

Malware Config

Targets
Target: COMPANY PROFILE.exe
Size: 657KB
MD5: 4c1f8cf98fb6fbf46968741c4a3c11a0
SHA1: f012177fbafd6d8afd4d28a5420691ad6c657137
SHA256: 9c77b82a3c0940c736dc6b61591394ed69ae046b90992b427910d3ce28f77772
SHA512: 68dd73e204b60707c06717e1b0602edb71c152cb3ad31e909d7f6bcb0c685e11fe4df91e92f72eed4dac476ab258509931a0f6c363b343b53b4c95f45bc084ed

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext