General
-
Target
DOCUMENT.exe
-
Size
1.1MB
-
Sample
221205-rrk7jsgh97
-
MD5
6b7e8537d34f54a025a5433f16284f89
-
SHA1
0e57da428669db68f70ffadf869339db534716f6
-
SHA256
204f5127fffcb492956eb77c01f5196c8b57a3d084d575594376909d22269018
-
SHA512
38949e654e6f7f69f0333fff73ea81f167095c2561f13c76a5fa9ec0573acd3e994554c61a817141612e0152e7ef10d0f09224fa051570736b0a644ea99fca45
-
SSDEEP
24576:3Q7QqlKMmJ5RpPsOthpCnATgGOEQKrQodNw+m:g7QfJ9PsOzpCOgGDlsJ
Static task
static1
Behavioral task
behavioral1
Sample
DOCUMENT.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
DOCUMENT.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.elec-qatar.com - Port:
587 - Username:
[email protected] - Password:
MHabrar2019@# - Email To:
[email protected]
Targets
-
-
Target
DOCUMENT.exe
-
Size
1.1MB
-
MD5
6b7e8537d34f54a025a5433f16284f89
-
SHA1
0e57da428669db68f70ffadf869339db534716f6
-
SHA256
204f5127fffcb492956eb77c01f5196c8b57a3d084d575594376909d22269018
-
SHA512
38949e654e6f7f69f0333fff73ea81f167095c2561f13c76a5fa9ec0573acd3e994554c61a817141612e0152e7ef10d0f09224fa051570736b0a644ea99fca45
-
SSDEEP
24576:3Q7QqlKMmJ5RpPsOthpCnATgGOEQKrQodNw+m:g7QfJ9PsOzpCOgGDlsJ
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-