General
- Target: 608084b2ea7f4924d400a9e199db1a894fa0935a4828cfa6d3eb8ac93a2a376f
- Size: 775KB
- Sample: 220701-dwyrjshhhr
- MD5: 7f4df8a2ce1ae2c87509a7554a8a2312
- SHA1: 144f7be59e7d0ab494fe7b034cd263f32c332db4
- SHA256: 608084b2ea7f4924d400a9e199db1a894fa0935a4828cfa6d3eb8ac93a2a376f
- SHA512: 42bdd96d520ce3647481cce844240d26e8d07d504946540ffda93dbfe95e22bcf65601e45b424cb0eaa2197d1bc8ad29c91bc97fb5884f0651df528c53878c17
Static task: static1
Behavioral task: behavioral1
- Sample: 608084b2ea7f4924d400a9e199db1a894fa0935a4828cfa6d3eb8ac93a2a376f.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 608084b2ea7f4924d400a9e199db1a894fa0935a4828cfa6d3eb8ac93a2a376f.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.vitiren.website
- Port: 587
- Username: [email protected]
- Password: R_(^!h,UT{s5
Targets
- Target: 608084b2ea7f4924d400a9e199db1a894fa0935a4828cfa6d3eb8ac93a2a376f
- Size: 775KB
- MD5: 7f4df8a2ce1ae2c87509a7554a8a2312
- SHA1: 144f7be59e7d0ab494fe7b034cd263f32c332db4
- SHA256: 608084b2ea7f4924d400a9e199db1a894fa0935a4828cfa6d3eb8ac93a2a376f
- SHA512: 42bdd96d520ce3647481cce844240d26e8d07d504946540ffda93dbfe95e22bcf65601e45b424cb0eaa2197d1bc8ad29c91bc97fb5884f0651df528c53878c17
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext