General
Target: b37950e9376965942f8dddc16f447d9b93c7c286917c9371b0e83d06f7700bbc
Size: 480KB
Sample: 220521-xkskyafcam
MD5: 93121dc283326135820472935dfbef7c
SHA1: c104ea294467fc2f06f25831add612ec331d1b74
SHA256: b37950e9376965942f8dddc16f447d9b93c7c286917c9371b0e83d06f7700bbc
SHA512: e5b5a6b808e0d0e4d53de57ee91522f8e70666ffd8eb0ee008491bd6b1cd7510872c0c4a47d157c7894eccfa81cb501b0d28c33c4f7d22c9faca1339b33cc956
Static task: static1
Behavioral task: behavioral1 (sample Documents.exe, resource win7-20220414-en)
Behavioral task: behavioral2 (sample Documents.exe, resource win10v2004-20220414-en)
Malware Config
Extracted family: agenttesla
Protocol: smtp
Host: smtp.1and1.com
Port: 587
Username: usjobs@ramsoft.net
Password: $Hari@prasad%2020
The same configuration was extracted twice with identical values; the duplicate copy is omitted here. These are the hardcoded credentials of the attacker-controlled mailbox that receives the stolen data, so the host, port and username are the exfiltration indicators to alert on.
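The host, port and mailbox above, together with the "AgentTesla Exfil Via SMTP" Suricata hit further down, are enough to build a session-level check. The following is an added example, not code from the page or from the sandbox vendor: it decodes the cleartext SMTP AUTH LOGIN / AUTH PLAIN exchange Agent Tesla's .NET mail client performs, matches the destination and the authenticating user against the extracted config, and flags the case where STARTTLS hides the credentials so only the host/port indicator remains. The transcripts are constructed for the example and the password is a placeholder; the credential from the config is deliberately not reproduced.

```python
import base64

# Indicators taken from the Agent Tesla configuration extracted on this page.
EXFIL_HOST = "smtp.1and1.com"
EXFIL_PORT = 587
EXFIL_USER = "usjobs@ramsoft.net"


def _b64(token):
    """Decode one base64 token, or return None when it is not valid base64."""
    try:
        return base64.b64decode(token.strip(), validate=True)
    except ValueError:
        return None


def _auth_responses(session, start):
    """Collect client lines that answer 334 server challenges, beginning at index start.

    Any server reply other than 334 (235 success, 535 failure, ...) ends the AUTH
    dialogue, so later client commands such as QUIT are never read as base64 responses.
    """
    out, expect = [], False
    for direction, text in session[start:]:
        if direction == "S":
            if not text.startswith("334"):
                break
            expect = True
        elif expect:
            out.append(text)
            expect = False
    return out


def extract_smtp_credentials(session):
    """Return (username, password) from a cleartext AUTH LOGIN or AUTH PLAIN exchange.

    session is a list of (direction, line) tuples, "C" for client->server and "S" for
    server->client. Returns (None, None) when no decodable AUTH is present.
    """
    for i, (direction, text) in enumerate(session):
        parts = text.split()
        if direction != "C" or len(parts) < 2 or parts[0].upper() != "AUTH":
            continue
        mech = parts[1].upper()
        # Initial response may be inline ("AUTH PLAIN <b64>") or answer a 334 challenge.
        responses = parts[2:3] + _auth_responses(session, i + 1)
        if mech == "PLAIN" and responses:
            raw = _b64(responses[0])
            if raw is not None and raw.count(b"\0") == 2:  # authzid \0 authcid \0 password
                _, user, password = raw.split(b"\0")
                return user.decode(errors="replace"), password.decode(errors="replace")
        if mech == "LOGIN" and len(responses) >= 2:
            user, password = _b64(responses[0]), _b64(responses[1])
            if user is not None and password is not None:
                return user.decode(errors="replace"), password.decode(errors="replace")
    return None, None


def analyse_session(session, dst_host, dst_port):
    """Score one SMTP session against the host, port and mailbox from the extracted config."""
    reasons, notes = [], []
    if dst_host.lower() == EXFIL_HOST and dst_port == EXFIL_PORT:
        reasons.append("destination %s:%d is the configured exfil server" % (dst_host, dst_port))
    user, _password = extract_smtp_credentials(session)
    if user is not None and user.lower() == EXFIL_USER:
        reasons.append("authenticated as the configured exfil mailbox " + user)
    if user is None and any(d == "C" and t.upper().startswith("STARTTLS") for d, t in session):
        notes.append("STARTTLS issued: AUTH runs inside TLS, only the host/port indicator is usable")
    return {"match": bool(reasons), "username": user, "reasons": reasons, "notes": notes}


# Constructed transcripts (not captures from this sample); the password is a placeholder.
EXFIL_SESSION = [
    ("S", "220 smtp.1and1.com ESMTP"),
    ("C", "EHLO DESKTOP-TEST"),
    ("S", "250-smtp.1and1.com"),
    ("S", "250 AUTH LOGIN PLAIN"),
    ("C", "AUTH LOGIN"),
    ("S", "334 VXNlcm5hbWU6"),                                   # "Username:"
    ("C", base64.b64encode(EXFIL_USER.encode()).decode()),
    ("S", "334 UGFzc3dvcmQ6"),                                   # "Password:"
    ("C", base64.b64encode(b"<placeholder>").decode()),
    ("S", "235 2.7.0 Authentication successful"),
    ("C", "MAIL FROM:<usjobs@ramsoft.net>"),
    ("S", "250 2.1.0 Ok"),
]

BENIGN_SESSION = [
    ("S", "220 mail.example.com ESMTP"),
    ("C", "EHLO laptop"),
    ("S", "250 AUTH PLAIN"),
    ("C", "AUTH PLAIN " + base64.b64encode(b"\0alice@example.com\0hunter2").decode()),
    ("S", "235 2.7.0 Authentication successful"),
]

TLS_SESSION = [
    ("S", "220 smtp.1and1.com ESMTP"),
    ("C", "EHLO DESKTOP-TEST"),
    ("S", "250-STARTTLS"),
    ("S", "250 AUTH LOGIN PLAIN"),
    ("C", "STARTTLS"),
    ("S", "220 2.0.0 Ready to start TLS"),  # everything after this is encrypted
]

if __name__ == "__main__":
    for name, sess, host in (("exfil", EXFIL_SESSION, "smtp.1and1.com"),
                             ("benign", BENIGN_SESSION, "mail.example.com"),
                             ("tls", TLS_SESSION, "smtp.1and1.com")):
        print(name, analyse_session(sess, host, 587))
```

Feed it (direction, line) pairs reassembled from a PCAP or mail-proxy log; the STARTTLS branch matters in practice because submission on port 587 is normally upgraded to TLS, and then the mailbox name is only recoverable from the sandbox's config extraction, not from the wire.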
Targets
Target: Documents.exe
Size: 583KB
MD5: 32f65b5608137599eb88b876132d1321
SHA1: 233b379864856fbf578425af6143595c3b264382
SHA256: 5f2517598649fe78e58966a15e9fea89e43ee57aa0ad6b779ef18be53eb39a2b
SHA512: 26e6b68e113253339188c9c40358374385be4e68f323c045b09eac0d1e726ec8dfb596b2775125d60b57ec60185a2980b3069e9cd5bad44323c3215235c76f4b
- AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer (builds exist in both C# and VB.NET). It harvests saved credentials from browsers, mail and FTP clients and exfiltrates them to an attacker-controlled endpoint; in this sample the channel is SMTP, using the mailbox in the extracted configuration.
- suricata: ET MALWARE AgentTesla Exfil Via SMTP (2 hits)
- AgentTesla Payload
- Accesses Microsoft Outlook profiles (Outlook profile keys in the registry hold stored mail-account settings and credentials, one of the credential stores Agent Tesla harvests)
- Suspicious use of SetThreadContext (an API used for process hollowing and thread-hijacking injection: a process or thread is created suspended, the payload is written in, and the thread's context is rewritten so execution resumes at the injected code)