General
- Target: c85c5fd6257987d4386a8592e254eee58bcc3d8b7a0f8d7d2e4f7f8b5ef23f98
- Size: 275KB
- Sample: 220521-pswzbsfhh3
- MD5: 8fc2871a91b48d1ae904d9eadb666427
- SHA1: 40011dad7f77e746b1401907b5b0e52ae3a3eaec
- SHA256: c85c5fd6257987d4386a8592e254eee58bcc3d8b7a0f8d7d2e4f7f8b5ef23f98
- SHA512: 80a555f90488a8202eaeb8a1db7ae366e00b590b1db3e51c361b5340cf0e1477b694e396cd2cb535af8f965269b840f02318d62439fca02dad2a2670643fa15a
Static task
- static1

Behavioral task
- behavioral1
  - Sample: RETENCIONES.exe
  - Resource: win7-20220414-en

Behavioral task
- behavioral2
  - Sample: RETENCIONES.exe
  - Resource: win10v2004-20220414-en
Malware Config

Targets
- Target: RETENCIONES.exe
- Size: 656KB
- MD5: 651472198c3c8e5c47f12d08ab1b1da0
- SHA1: 5dc122fd24f692ab1a2e9e63938b5991a414b3e2
- SHA256: 834c9f7bd7ce054f4a5bef137584e93bfe8a018884cb5e9370ba0dae014de3db
- SHA512: 1e4f46b4f0cc287a767f6da99f0fbaf6277dce43a79d31f6445188fcec6c9e3d87164107b5bb856f94a3896a752dfce109d81a45a3706030c141b98abddfc401
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext