General
Target: acbf2b2b7a84e5d95808b2dae14e3668309c548bfabe7b01c1ea7a6baacd9eeb
Size: 417KB
Sample: 221128-kwjqysfe2x
MD5: e137f2deb74a16a25a82475adc363dc0
SHA1: d86972c462941a7181eb79071f22a921f6333cc5
SHA256: acbf2b2b7a84e5d95808b2dae14e3668309c548bfabe7b01c1ea7a6baacd9eeb
SHA512: 6cef8d6814ee886c2ab117b69b6bd7aa495382c7f6ca283811987aaffa827f0ff0da8d38541845b3b4f9dcc756cbda8830e47d883ecde6ba7d34757d70e04cde
SSDEEP: 6144:Q61a5zM7FUJWHYdj75/c8s7ZMNM/GOASSAKG5x6trlICIkRPf1oFeDsUH:appJ5dxk8kCSFASRL5x6llekR31o
Static task: static1
Behavioral task: behavioral1
Sample: acbf2b2b7a84e5d95808b2dae14e3668309c548bfabe7b01c1ea7a6baacd9eeb.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: acbf2b2b7a84e5d95808b2dae14e3668309c548bfabe7b01c1ea7a6baacd9eeb.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.perfectgenerators.com
Port: 587
Username: dispatch.lko@perfectgenerators.com
Password: Dispatch@78
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext