General
- Target: 4d33581674e1cea0cd2a265543579349ee187def2c6df7bff74722689503bd90
- Size: 372KB
- Sample: 220521-pxdcsabdbk
- MD5: c92cb1c0bd435ab469a5a95a86580c7e
- SHA1: c9c53ccb26017a1f39b448fad48073dfc6ada949
- SHA256: 4d33581674e1cea0cd2a265543579349ee187def2c6df7bff74722689503bd90
- SHA512: e9b1ea9ac9e6c06a8169d67e4202874948392b3a9dee160cd49e7884c73cba7f1218b8818026398fa56e469c5b648628591d65beeeb1578d04383f892ee926bc
Static task: static1
Behavioral task: behavioral1
- Sample: UbTzPympGiUdkff.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: UbTzPympGiUdkff.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.annlap.com
- Port: 587
- Username: huverteamup@annlap.com
- Password: Control84@
Targets
- Target: UbTzPympGiUdkff.exe
- Size: 507KB
- MD5: 802b118ff57572e15f3693056c9b4321
- SHA1: cff1265315ec41c11b1d62dde2fe249ecf0d227a
- SHA256: 98aa25661d1240483f21cb7f2cdade8ba0ee681fef926ff56ef6ced2c4477527
- SHA512: 9076c6a6350a060d4e9ebaf0c76f1163eb0bc31121f1eefbeb6aa31c088af8dd960a2e0d1de73079f4d29fe70f59904759c97b12dca90f03e07c4deb932a5801
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext