General
Target: a9527ddc909c56d61dd053f93fa802ae614e6ad761830fd267a2d57845534efb
Size: 341KB
Sample: 220521-ptwd7abcap
MD5: 897cf3a5b3902124eb53cee4c9624914
SHA1: 2d273fc4a52aff12b81308f847f9b9d6c1c89b4c
SHA256: a9527ddc909c56d61dd053f93fa802ae614e6ad761830fd267a2d57845534efb
SHA512: 55e8c105d01355ebbc18eb4f385ab92bf58b41fb7ee32fa6012812110d2425812fb8b20b0e3ef3f4fd809d08f4ebddb84fa072c38ad634b718758ffdede0364c
Static task: static1
Behavioral task: behavioral1
  Sample: Daily Report_2020_xls.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Daily Report_2020_xls.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.moorefundz.com
Port: 587
Username: evra@moorefundz.com
Password: g7g2Ig?Aeh_+
This is the exfiltration channel, not a download server: the sample submits harvested data through this mailbox over SMTP submission (port 587), so the host, port and username are usable as network indicators and the mailbox itself is the collection point.
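The extracted SMTP config turned into detection logic, as an added example that is not part of the sandbox report. The first function recovers credentials from an SMTP AUTH LOGIN exchange (which is only base64-encoded, not encrypted, unless the client negotiates STARTTLS; if it does, only the host/port metadata remains visible and the second rule is what is left). The second function runs an exact-IOC rule and a behavioural rule (SMTP from a non-mail-client process) over endpoint network-connection telemetry. The SMTP transcript, the Sysmon Event ID 3 records, the MAIL_CLIENTS allow-list and the RegSvcs.exe host process in the constructed records are all assumptions made for illustration.

```python
"""Added example (not from the sandbox report): turn the extracted AgentTesla
SMTP config into two detections, one on the wire and one on endpoint telemetry.
The SMTP transcript and Sysmon records below are constructed for illustration."""
import base64
import ntpath

# Indicators taken from the extracted config on this page.
C2_HOST = "smtp.moorefundz.com"
C2_PORT = 587
C2_USER = "evra@moorefundz.com"

# Assumption: the only processes expected to speak SMTP submission on a
# workstation. Tune to the environment before deploying.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
SMTP_PORTS = {25, 465, 587}

# Constructed session in the shape AUTH LOGIN takes when the client does not
# negotiate STARTTLS: the server's 334 challenges are base64("Username:") and
# base64("Password:"), and the client answers with base64 of each value,
# i.e. encoded but not encrypted.
SMTP_TRANSCRIPT = """\
S: 220 smtp.moorefundz.com ESMTP
C: EHLO DESKTOP-1A2B3C
S: 250-smtp.moorefundz.com
S: 250 AUTH LOGIN PLAIN
C: AUTH LOGIN
S: 334 VXNlcm5hbWU6
C: ZXZyYUBtb29yZWZ1bmR6LmNvbQ==
S: 334 UGFzc3dvcmQ6
C: ZzdnMklnP0FlaF8r
S: 235 Authentication succeeded
C: MAIL FROM:<evra@moorefundz.com>
"""


def _payload(line):
    """Strip the 'C: ' / 'S: ' direction prefix used in the transcript."""
    return line.split(": ", 1)[1].strip() if ": " in line else line.strip()


def auth_login_credentials(transcript):
    """Recover username and password from a plaintext SMTP AUTH LOGIN exchange.

    Returns a dict with 'username' and 'password', or None when the transcript
    has no complete AUTH LOGIN sequence or the client replies are not base64.
    """
    lines = transcript.splitlines()
    for i, line in enumerate(lines):
        if not (line.startswith("C:") and _payload(line).upper() == "AUTH LOGIN"):
            continue
        if i + 4 >= len(lines) or not lines[i + 1].startswith("S: 334"):
            return None
        try:
            user = base64.b64decode(_payload(lines[i + 2]), validate=True).decode()
            pwd = base64.b64decode(_payload(lines[i + 4]), validate=True).decode()
        except (ValueError, UnicodeDecodeError):
            return None
        return {"username": user, "password": pwd}
    return None


def matches_extracted_config(creds):
    """True when captured SMTP credentials are the ones in the extracted config."""
    return bool(creds) and creds.get("username", "").lower() == C2_USER


# Constructed Sysmon Event ID 3 (network connection) records. The RegSvcs.exe
# record models SetThreadContext-style injection, where the connecting image
# is a legitimate .NET host rather than the dropper (an assumption for
# illustration, not an observation from this report).
SYSMON_EVENTS = [
    {"Image": r"C:\Users\victim\AppData\Local\Temp\Daily Report_2020_xls.exe",
     "DestinationHostname": "smtp.moorefundz.com", "DestinationPort": 587},
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": 587},
    {"Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",
     "DestinationHostname": "smtp.moorefundz.com", "DestinationPort": 587},
    {"Image": r"C:\Users\victim\AppData\Roaming\update.exe",
     "DestinationHostname": "mail.example.net", "DestinationPort": 587},
    {"Image": r"C:\Windows\System32\svchost.exe",
     "DestinationHostname": "ctldl.windowsupdate.com", "DestinationPort": 80},
]


def classify(event):
    """Exact IOC match first, then the behavioural rule that survives a config change."""
    host = event["DestinationHostname"].lower().rstrip(".")
    port = int(event["DestinationPort"])
    image = ntpath.basename(event["Image"]).lower()
    if host == C2_HOST and port == C2_PORT:
        return "ioc-match"
    if port in SMTP_PORTS and image not in MAIL_CLIENTS:
        return "smtp-from-non-mail-client"
    return None


def triage(events):
    """Return (image name, verdict) for every event that fires a rule."""
    hits = []
    for event in events:
        verdict = classify(event)
        if verdict:
            hits.append((ntpath.basename(event["Image"]), verdict))
    return hits


if __name__ == "__main__":
    creds = auth_login_credentials(SMTP_TRANSCRIPT)
    print("AUTH LOGIN creds:", creds, "matches config:", matches_extracted_config(creds))
    for image, verdict in triage(SYSMON_EVENTS):
        print(f"{verdict:28s} {image}")
```

The behavioural rule is deliberately independent of the extracted host and username: a rebuilt sample with a fresh mailbox still has to open an SMTP submission connection from a process that is not a mail client, so it fires on the constructed update.exe record even though nothing in that record appears in the config.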
Targets
Target: Daily Report_2020_xls.exe
Size: 407KB
MD5: cbb11d12d229cb506a559509ff0d5041
SHA1: fa1b25bb450aa82ee3f2c13b96f9fde45f493533
SHA256: 1f5501175aa21ba313350d75cf0c5346095ea7df5b8a4f258bba1b95af6b5a1b
SHA512: 38a45fe05b7940d1dd0b2f09d6a4bf7834db6649955653acaf3c5e7e74779ba3a47b31ba04461f9c8a283000af208030a704abfd0f5f9ae9a22be87232ef5bf2
- AgentTesla
  Agent Tesla is a .NET-based information stealer and remote access tool (RAT), commonly built in Visual Basic .NET. It harvests stored credentials from browsers and mail clients and exfiltrates them over SMTP, FTP or HTTP; the SMTP variant is what the extracted config above describes.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
  Reading Outlook profile data is how the stealer collects saved mail-account credentials; the same registry keys are read legitimately by Outlook itself, so the signature is about which process reads them.
- Suspicious use of SetThreadContext
  SetThreadContext on another process's thread is the usual final step of process hollowing: the entry point of a suspended, legitimate host process is redirected to injected code, so the network connections that follow come from that host image rather than from the dropper.