General
Target: OM5MBSiDi5Jh2Eb.exe
Size: 1.0MB
Sample: 221001-lw7nfsgggr
MD5: 66f89d7f972da4bbe61f962ac564a0f7
SHA1: 91b4b1cf5476d3efb3cae94242839ebe6510896e
SHA256: c21c06afc6271ed3807278e2dc61a4683d3b8d2e425133529e6c88ff1ee89d73
SHA512: e397b64eb038dc1c099edb19977c877aa143f4dd57efec6917ce116faee2b75fdda799294aac14a352bf5df42eda230eeb090aaabaae3507d43983df743973ec
SSDEEP: 12288:m0ZVo+XftFbT7XY5PoU3zScuE5GYKBURGuyWXDNJ4t2FsEWhpVqlTHEykGo4NgC5:zFFbHIJv3zHGpU4ullWAJk4qCGosmtJ
Static task: static1
Behavioral task: behavioral1
  Sample: OM5MBSiDi5Jh2Eb.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: OM5MBSiDi5Jh2Eb.exe
  Resource: win10v2004-20220901-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.ormretsan.com
Port: 587
Username: umut@ormretsan.com
Password: AGjluYt1
Targets
Target: OM5MBSiDi5Jh2Eb.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext