General
Target: f93a549b02a7e5e2c69447f9e80be87dcee4d4768b6c857438a244d67069669d
Size: 271KB
Sample: 220521-pq7m2sbafq
MD5: d06805215fb9d61ec7f0cd79e5914955
SHA1: b80530a0c2d41db93565eb11c917fbcdb1f69c0b
SHA256: f93a549b02a7e5e2c69447f9e80be87dcee4d4768b6c857438a244d67069669d
SHA512: 780ebd89fda47cab3597d0e4c3fd4355f3d086e89c4f6454b358964be5d5a63c446ee6f2d77731f8d98ebcb9d87a1293c2aaf4fb6df6b7b772e83136a4d4d498
Static task: static1
Behavioral task: behavioral1
Sample: Document Copy.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Document Copy.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp
Host: mail.flood-protection.org
Port: 587
Username: sepp@flood-protection.org
Password: sepp2424@
Targets
Target: Document Copy.exe
Size: 651KB
MD5: 056779505e918821f7c8eea853a3aede
SHA1: 50547be0f9807212ad045cbde8b95ead9abc56bd
SHA256: 0d2a1e1ae63f88fe43639ddcec25db83eef70cc09ed98403f570fb61293fcf2f
SHA512: e6dab6cb7942936ce04952261853d89a3c5eb657035d015221456292fa29330a98d27c76a5faf1069101acc9e545e2f375258ef0325e83b25e061b41d7afd9fc
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext