General
-
Target
09b9d9827c001738f7360e23edee4f7f4e60cbd8ccaaa9735884f9535f42ed66
-
Size
452KB
-
Sample
220630-xkezvaggbr
-
MD5
6096346e1e2bb82f275e46c4d6df4ef7
-
SHA1
9df3021b1603d3b553d60decd4c51d6c5a172a4e
-
SHA256
09b9d9827c001738f7360e23edee4f7f4e60cbd8ccaaa9735884f9535f42ed66
-
SHA512
38adcd458daff32e41a59af73d332e801ed4e8cdde068e3ed0787b8ef3eb6ebd7010834c2bdc82038a58ee34156d4a6690a48c9b342b0e31ddeb18eeb06054e9
Static task
static1
Behavioral task
behavioral1
Sample
09b9d9827c001738f7360e23edee4f7f4e60cbd8ccaaa9735884f9535f42ed66.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
09b9d9827c001738f7360e23edee4f7f4e60cbd8ccaaa9735884f9535f42ed66.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.vitiren.website
Port: 587
Username: info1@vitiren.website
Password: paAt]S*Q&lW5-*-/
Targets
-
-
Target
09b9d9827c001738f7360e23edee4f7f4e60cbd8ccaaa9735884f9535f42ed66
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-