General
-
Target
a62d53b4c696972c717f444b1cf6ccda07dbc124
-
Size
570KB
-
Sample
230111-pvw24sfh8z
-
MD5
7a6ac533312d5f4e462a1b9beda03cfd
-
SHA1
a62d53b4c696972c717f444b1cf6ccda07dbc124
-
SHA256
b0fdb78c68324224076f2d39061d3ad13c254e265a1842d87a6e7c8d49094e0e
-
SHA512
d98b17806980b209a53034314ab2278df9ffedcdf1cb8535c944ec1dc1f811d17486945fa4a8862338db842b2c7fe666d0bbe75fd158770268a534d10254e210
-
SSDEEP
12288:IY5ZNf4zIxNh8k7577uDHUTTAiha8ZRI0G17GnRDm7In75HmG:IY5szIrWmd7pFha8ZK+RDm7IkG
Static task
static1
Behavioral task
behavioral1
Sample
a62d53b4c696972c717f444b1cf6ccda07dbc124.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
a62d53b4c696972c717f444b1cf6ccda07dbc124.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.elec-qatar.com - Port:
587 - Username:
[email protected] - Password:
MHabrar2019@# - Email To:
[email protected]
Targets
-
-
Target
a62d53b4c696972c717f444b1cf6ccda07dbc124
-
Size
570KB
-
MD5
7a6ac533312d5f4e462a1b9beda03cfd
-
SHA1
a62d53b4c696972c717f444b1cf6ccda07dbc124
-
SHA256
b0fdb78c68324224076f2d39061d3ad13c254e265a1842d87a6e7c8d49094e0e
-
SHA512
d98b17806980b209a53034314ab2278df9ffedcdf1cb8535c944ec1dc1f811d17486945fa4a8862338db842b2c7fe666d0bbe75fd158770268a534d10254e210
-
SSDEEP
12288:IY5ZNf4zIxNh8k7577uDHUTTAiha8ZRI0G17GnRDm7In75HmG:IY5szIrWmd7pFha8ZK+RDm7IkG
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-