General
-
Target
73c1d55d4ff144d1dee4125978db915d9644c36af3fbb33c336fd31ce55a6b43
-
Size
413KB
-
Sample
220521-w8wrtsbbg5
-
MD5
d12a93df9b82deadec8c88215feacde5
-
SHA1
8673ccb5d949453255b436a4096ba82d922b6706
-
SHA256
73c1d55d4ff144d1dee4125978db915d9644c36af3fbb33c336fd31ce55a6b43
-
SHA512
1ac9cfacd47125bf6283e204b9b5e888934fb773267e01e907d3d9dfa1e2e66ed496a8ad162b22295b7c8f0bf1b0895edecfc4c0a3297332cb6fbc2517bb63e3
Static task
static1
Behavioral task
behavioral1
Sample
Revised Doc-00865548.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Revised Doc-00865548.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
Revised Doc-00865548.exe
-
Size
1.2MB
-
MD5
9ecf4d1cfbd096c7adaa3bf301b52a81
-
SHA1
002f1010e21db786ff6da2cff660848dd585c4b2
-
SHA256
310c22c27c21f9552c0b7ec5d0c78e0870984a0432758835e07a502175181c5b
-
SHA512
1485978cb209e20bc4707f0d1a6be5cfdb97dd96bdedfef22a2ce9dbedaa3c269228d6d5290293c1434eb5fcee82994b45a753c8fbb42c325fb4893d92855ca3
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-