General
- Target: Contracts.exe
- Size: 731KB
- Sample: 220706-e62rmaagb4
- MD5: a244c2ed29e0b6a5b425bbaaf122ae08
- SHA1: 3d190f8c22a76866fbef53bcd9b0ded026cafea5
- SHA256: 998a55e18cc72ab9e20679886d6979732f82c157b01096764c43ce422843d998
- SHA512: 12caa502c8de218548063c4225049a2fef983fcdf42b6da2cc1dadcca476a0b0345a62b7625383c01203d621d5dbfb5a4d7432db76e181011df0ab088f717252
Static task: static1
Behavioral task: behavioral1
- Sample: Contracts.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Contracts.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5227573794:AAECZBnQSxLs0aOVsV2wnclC6-WKnxPpi_k/sendDocument
Targets
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext