General
Target: 06f6861c922c4eb88ace3ad78411d8bdb3f045e7845681614b041a803c4118dc
Size: 1.6MB
Sample: 220531-ef3k8sddg2
MD5: 30e7d881a7c47c38ad75b18744873aa2
SHA1: 8c8e69d1dbc50442318d13b7bda9441f9f510f46
SHA256: 06f6861c922c4eb88ace3ad78411d8bdb3f045e7845681614b041a803c4118dc
SHA512: 18b93aa7a44d80b809415d39ae4c5d4e5ab1004daa98cace65bfa1b906332507c17a19e2999a3fbf3cc6b9d6eacba5d73b83a9bff74024fb6cd3566a62784d3f
Static task: static1
Behavioral task: behavioral1
Sample: 06f6861c922c4eb88ace3ad78411d8bdb3f045e7845681614b041a803c4118dc.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 06f6861c922c4eb88ace3ad78411d8bdb3f045e7845681614b041a803c4118dc.exe
Resource: win10v2004-20220414-en
Malware Config
Targets
-
-
Target
06f6861c922c4eb88ace3ad78411d8bdb3f045e7845681614b041a803c4118dc
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-