General
Target: cc893e8ac2c74292f36315c6b88b1bd6908215a674b2916ed2186ea0dccca951
Size: 530KB
Sample: 220521-psn9gsbbek
MD5: 3cc178d213f4e997d6a3d7039fcb4609
SHA1: 2fdd9b56180f203c805c80b9c3eb753eeaa0395e
SHA256: cc893e8ac2c74292f36315c6b88b1bd6908215a674b2916ed2186ea0dccca951
SHA512: f6d4104c5e19232182ba44fb285607078076df9e0593a0d1278f18b29cc1b8a451888c9248b969e7b190f5894f73f0d9a9a76f08c974b2c50cbe1e942b762384
Static task: static1
Behavioral task: behavioral1
  Sample: INV638492648829.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: INV638492648829.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.flood-protection.org
  Port: 587
  Username: [email protected]
  Password: gee2424@
Extracted
  Protocol: smtp
  Host: mail.flood-protection.org
  Port: 587
  Username: [email protected]
  Password: gee2424@
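The extracted SMTP configuration is the most actionable part of this report: the exfiltration host and port identify infected machines in connection logs. The following Python is an added example and not part of the sandbox report or of any analysis tool; it parses the configuration exactly as the report flattens it, hunts through firewall connection-log lines (constructed for this example) for sessions to that host and port, and emits a Suricata DNS rule for the host. The Suricata SID is an arbitrary local-range value. The username is obfuscated on the page as "[email protected]", so the code never keys on it.

```python
"""
Added example, not part of the sandbox report: turn the AgentTesla SMTP
configuration printed in the report into hunting artefacts. All log lines
and the Suricata SID below are constructed for this example.
"""
import re
from typing import Dict, List

# The extracted configuration, copied as it is flattened on the report page.
# The username is obfuscated by the page ("[email protected]"), so nothing
# below keys on it.
REPORT_CONFIG = """Protocol: smtp- Host:
mail.flood-protection.org - Port:
587 - Username:
[email protected] - Password:
gee2424@"""

FIELDS = ("Protocol", "Host", "Port", "Username", "Password")


def parse_agenttesla_config(text: str) -> Dict[str, str]:
    """Rebuild a dict from the flattened 'Key: value - Key: value' dump.

    The report wraps values across lines and glues a ' - ' separator to
    them, so the text is joined first and then split just before each
    known field name. Splitting on '-' alone would break the hostname
    (mail.flood-protection.org) and any password containing a dash.
    """
    flat = " ".join(line.strip() for line in text.splitlines())
    names = "|".join(FIELDS)
    parts = re.split(rf"\s*-?\s*(?=(?:{names}):)", flat)
    cfg: Dict[str, str] = {}
    for part in parts:
        if ":" not in part:      # re.split also yields empty strings
            continue
        key, value = part.split(":", 1)
        cfg[key.strip().lower()] = value.strip()
    return cfg


# Constructed firewall connection-log lines (not from the report): one
# infected host talks to the exfil server twice, another host uses a
# legitimate SMTP submission server on the same port.
SAMPLE_LOGS = [
    "2022-05-21T10:02:11Z src=10.0.4.17 dst=203.0.113.10 dport=443 proto=tcp action=allow",
    "2022-05-21T10:02:40Z src=10.0.4.17 dst=mail.flood-protection.org dport=587 proto=tcp action=allow",
    "2022-05-21T10:03:02Z src=10.0.4.17 dst=mail.flood-protection.org dport=587 proto=tcp action=allow",
    "2022-05-21T10:05:55Z src=10.0.4.22 dst=smtp.office365.com dport=587 proto=tcp action=allow",
]

LOG_RE = re.compile(r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)")


def find_exfil_connections(cfg: Dict[str, str], log_lines: List[str]) -> List[Dict[str, str]]:
    """Return connections whose destination host and port match the config.

    Port 587 is ordinary mail submission, so the port alone is not a
    signal; the destination host from the config is what makes the match.
    """
    hits: List[Dict[str, str]] = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        if m.group("dst").lower() == cfg["host"].lower() and m.group("dport") == cfg["port"]:
            hits.append({"src": m.group("src"), "dst": m.group("dst"), "line": line})
    return hits


def suricata_dns_rule(cfg: Dict[str, str], sid: int = 1000001) -> str:
    """Emit a Suricata rule that fires on a DNS lookup of the exfil host.

    The SMTP session may be TLS-wrapped after STARTTLS, but the host has
    to be resolved first, so the DNS query is a reliable hook. The SID is
    an arbitrary local-range value chosen for this example.
    """
    return (
        f'alert dns $HOME_NET any -> any any (msg:"AgentTesla exfil host lookup '
        f'{cfg["host"]}"; dns.query; content:"{cfg["host"]}"; nocase; '
        f'sid:{sid}; rev:1;)'
    )


if __name__ == "__main__":
    config = parse_agenttesla_config(REPORT_CONFIG)
    print(config)
    for hit in find_exfil_connections(config, SAMPLE_LOGS):
        print("EXFIL", hit["src"], "->", hit["dst"])
    print(suricata_dns_rule(config))
```

The log format is a simple key=value line so the matcher stays readable; against real firewall or proxy exports, adapt LOG_RE to the field names in use and compare the resolved destination IP as well, since the malware may cache the address after the first lookup.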
Targets
Target: INV638492648829.exe
Size: 793KB
MD5: b52fb23e42ef7cc0c7a5bd9fc90f68a1
SHA1: 828484b5b488db19bae1f4982b204273c4507837
SHA256: bc36d20a9c2283a9f9e01a995af6fde7824a0d18469983d0a6fb3899c6516b47
SHA512: 9330e3334a3e87d3171cc7e9e3b49671518569e62ff991dee4f4679e804768a58d67a237629d604e6335ee072f4c397b3a480e5241203dec87056f0f531cd329
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer. It harvests stored credentials and keystrokes and exfiltrates them; in this sample the exfiltration channel is SMTP to the host and port in the extracted configuration.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles (stored mail-client credentials are harvested for exfiltration)
- Suspicious use of SetThreadContext (the API redirects a suspended thread to injected code, the pattern used by process hollowing)