General
-
Target
Vendor Master form.exe
-
Size
476KB
-
Sample
221128-kmklwsae75
-
MD5
a5e2866453ac55d18ba7260e5aa26109
-
SHA1
30fd1b72848093f6fbc3b1ce5b33cd1e6f23bffc
-
SHA256
8b2b9a800cbda49ad85fca392d0b4512c67ab5b51c7b6b92aa7e9c285b4dc54e
-
SHA512
6171805d56d15c7d5477c7115ab3821db10576927507a667234e279d1852d5163eb5bfbda0fbb10b552315ef2c39f74fee52501c230d2ee113861b66b8df5fb5
-
SSDEEP
12288:C/70YCym7ThY7GQJWpfnNNiYrhNlPSz7/:K7z0hY7Jsp/zdhbKzr
Static task
static1
Behavioral task
behavioral1
Sample
Vendor Master form.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Vendor Master form.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.elec-qatar.com
Port: 587
Username: [email protected]
Password: MHabrar2019@#
Email To: [email protected]
Targets
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-