General
-
Target
af987f8a78da6b7e8c5ff110ac6d45a2e5b568053fed3372e3d6110d4ff6b31c
-
Size
1.4MB
-
Sample
221204-k9rzgsae8s
-
MD5
19c7683c6d30e42359202a8b1cf180a2
-
SHA1
48b7177fda378b89c0d644b5cc8870762917cc27
-
SHA256
af987f8a78da6b7e8c5ff110ac6d45a2e5b568053fed3372e3d6110d4ff6b31c
-
SHA512
1ebad3c1b520cc52c026945d16eb70c760da5f0324da28d76f00b091f90871963a636022a78db6c8234cc2bdc8fdd00bc8b96efc59b12ac47095abd97cdceb5e
-
SSDEEP
12288:7+1g3Nn9YL+cSYromBgfGxI7Zq5FsPsk73o/zgLQ/e9xLyGBnuT:7+1gwoxSFskK3o/MU/qnu
Static task
static1
Behavioral task
behavioral1
Sample
af987f8a78da6b7e8c5ff110ac6d45a2e5b568053fed3372e3d6110d4ff6b31c.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
af987f8a78da6b7e8c5ff110ac6d45a2e5b568053fed3372e3d6110d4ff6b31c.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: admin@cutecat.icu
Password: loveline123
Targets
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-