General
-
Target
5895a31246f72f8ea9458911dbe7b14741618faa9c9bfc33baf697031103ecf7
-
Size
476KB
-
Sample
221130-wlsrnafc3z
-
MD5
2f2984690e83994f56545ed93bbfe557
-
SHA1
aa3a0b86b160f19072a2db2afa186f761a9569eb
-
SHA256
5895a31246f72f8ea9458911dbe7b14741618faa9c9bfc33baf697031103ecf7
-
SHA512
ef1f0840522e32fd6d94fee8182e64d0018032b87105cc01e5c270d7cd6c63e4643b827d81f5e6e684358a78f6acf1c6526f40cdb9212b100fabc06fc38d3159
-
SSDEEP
12288:gYR/SQVieUH3JagG3R/5+MQLOtD3lfAZnrehQF:XR/SQVi7H3JagWMONVotri2
Static task
static1
Behavioral task
behavioral1
Sample
5895a31246f72f8ea9458911dbe7b14741618faa9c9bfc33baf697031103ecf7.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
5895a31246f72f8ea9458911dbe7b14741618faa9c9bfc33baf697031103ecf7.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
agenttesla
Protocol
smtp
-
Host
smtp.allenqers.net
-
Port
587
-
Username
[email protected]
-
Password
stanstan22
Targets
-
Target
5895a31246f72f8ea9458911dbe7b14741618faa9c9bfc33baf697031103ecf7
-
Size
476KB
-
MD5
2f2984690e83994f56545ed93bbfe557
-
SHA1
aa3a0b86b160f19072a2db2afa186f761a9569eb
-
SHA256
5895a31246f72f8ea9458911dbe7b14741618faa9c9bfc33baf697031103ecf7
-
SHA512
ef1f0840522e32fd6d94fee8182e64d0018032b87105cc01e5c270d7cd6c63e4643b827d81f5e6e684358a78f6acf1c6526f40cdb9212b100fabc06fc38d3159
-
SSDEEP
12288:gYR/SQVieUH3JagG3R/5+MQLOtD3lfAZnrehQF:XR/SQVi7H3JagWMONVotri2
-
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in .NET (Visual Basic); this sample exfiltrates over SMTP using the credentials in the extracted config above.
-
AgentTesla payload
-
Beds Protector Packer
Detects Beds Protector packer used to load .NET malware.
-
Drops file in Drivers directory
-
Adds Run key to start application
-
Suspicious use of SetThreadContext (typically seen when a packer injects its payload into a suspended process and redirects that process's thread to it)
-
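The following is an added example, not part of the sandbox report: detection logic that turns the extracted SMTP exfiltration config and the behavioural signatures listed above (Run key persistence, file drop in the Drivers directory, the known sample hash) into checks run over endpoint telemetry. The event records are constructed Sysmon-style dictionaries in a hypothetical schema, not logs captured from this sample; the `correlate` helper and its two-behaviour threshold are assumptions of this example.

```python
"""Added example (not from the report): detect the report's behaviours in
endpoint events and correlate them per process."""
import re

# Indicators copied from the report: extracted AgentTesla SMTP config and hash.
EXFIL_HOST = "smtp.allenqers.net"
EXFIL_PORT = 587
SAMPLE_SHA256 = "5895a31246f72f8ea9458911dbe7b14741618faa9c9bfc33baf697031103ecf7"

# Registry Run/RunOnce keys under HKCU or HKLM (the "Adds Run key" signature).
RUN_KEY_RE = re.compile(
    r"\\(?:Software\\)?Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.I)
# Writes under %SystemRoot%\System32\drivers ("Drops file in Drivers directory").
DRIVERS_DIR_RE = re.compile(r"\\System32\\drivers\\", re.I)

# Constructed events in a hypothetical Sysmon-like schema. pid 1234 mimics the
# sample; pid 5678 is benign noise that must not alert.
EVENTS = [
    {"type": "process_create", "pid": 1234,
     "image": r"C:\Users\victim\Downloads\invoice.exe", "sha256": SAMPLE_SHA256},
    {"type": "file_create", "pid": 1234,
     "path": r"C:\Windows\System32\drivers\etc\hosts"},
    {"type": "registry_set", "pid": 1234,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\invoice",
     "value": r"C:\Users\victim\AppData\Roaming\invoice.exe"},
    {"type": "network_connect", "pid": 1234,
     "dst_host": EXFIL_HOST, "dst_port": 587},
    {"type": "network_connect", "pid": 5678,
     "dst_host": "smtp.office365.com", "dst_port": 587},
    {"type": "registry_set", "pid": 5678,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "value": "1"},
]


def detect(events):
    """Return (alert_name, pid) tuples for events matching the report's IOCs."""
    alerts = []
    for ev in events:
        t = ev["type"]
        if t == "process_create" and ev.get("sha256", "").lower() == SAMPLE_SHA256:
            alerts.append(("known_sample_sha256", ev["pid"]))
        elif t == "file_create" and DRIVERS_DIR_RE.search(ev["path"]):
            alerts.append(("drops_file_in_drivers_dir", ev["pid"]))
        elif t == "registry_set" and RUN_KEY_RE.search(ev["key"]):
            alerts.append(("adds_run_key", ev["pid"]))
        elif (t == "network_connect"
              and ev["dst_host"].lower() == EXFIL_HOST
              and ev["dst_port"] == EXFIL_PORT):
            alerts.append(("agenttesla_smtp_exfil_host", ev["pid"]))
    return alerts


def correlate(alerts, min_behaviours=2):
    """Return pids that triggered at least min_behaviours distinct alerts.
    Port 587 alone is common legitimate mail traffic; requiring a second
    behaviour (persistence, file drop, known hash) cuts false positives."""
    per_pid = {}
    for name, pid in alerts:
        per_pid.setdefault(pid, set()).add(name)
    return {pid for pid, names in per_pid.items() if len(names) >= min_behaviours}


if __name__ == "__main__":
    found = detect(EVENTS)
    for name, pid in found:
        print(f"{pid}: {name}")
    print("suspicious pids:", correlate(found))
```

The host match is exact because the report gives a single hostname; in production you would also match the resolved IP and the SMTP AUTH username from the config, and treat the Run-key and Drivers-directory checks as weak signals that only escalate when they co-occur with the exfiltration connection, as `correlate` does.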