General

Target: Ainxpfgc.exe
Size: 52KB
Sample: 220522-fyywfafec4
MD5: ba2258324fc45ea8d9d7d5f94f50c8f5
SHA1: 7173d2dbcae0cb1725768d9127ebf159e1997238
SHA256: 303bac353481639b2ead5860845f621f9f70a8282e31ecd3cb5c5d3fafaeb38d
SHA512: e1e786462374c9a0d43e4dae5b7211d2a4e59839cdeb84892e21ec643040ccd54bb393ab797fb6161ce0945200885e7717664321248714fabfce48e5f917c810
Static task: static1

Behavioral task: behavioral1
Sample: Ainxpfgc.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: Ainxpfgc.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
C2 (Telegram Bot API, sendDocument endpoint): https://api.telegram.org/bot1884223853:AAERiJ4aER91WwDYG8sj4RQTLbHHOQX2Bf0/sendDocument
Targets

Target: Ainxpfgc.exe
Size: 52KB
MD5: ba2258324fc45ea8d9d7d5f94f50c8f5
SHA1: 7173d2dbcae0cb1725768d9127ebf159e1997238
SHA256: 303bac353481639b2ead5860845f621f9f70a8282e31ecd3cb5c5d3fafaeb38d
SHA512: e1e786462374c9a0d43e4dae5b7211d2a4e59839cdeb84892e21ec643040ccd54bb393ab797fb6161ce0945200885e7717664321248714fabfce48e5f917c810

Signatures:
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext