General
-
Target
No. I20220052.exe
-
Size
518KB
-
Sample
230322-mbyqgsab6x
-
MD5
d7bbc6ef7a09d615e3b8c864b83a03f2
-
SHA1
e5c05e7a380017c40eb766d7029414c4edad264b
-
SHA256
2f40f6ef3c46c7e7a51531385abc337e60fed2a22d4a604e39c94ac05e95e03b
-
SHA512
6e2cae2b05d0839bf09716024bfe93ebf95073f9fa3d211e662e36653c47ae96722c50a41ab66250ff2f3d474382116804e685952791c7218d6c0f251e571533
-
SSDEEP
12288:sPqlMdaMAUQ1wQhHV7MyEqqpeabdcfOYuMAv3npMovIn05dqrlb:sikqTfrE3PbdlY6Ghb
Static task
static1
Behavioral task
behavioral1
Sample
No. I20220052.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
No. I20220052.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.focuzpartsmart.com - Port:
587 - Username:
[email protected] - Password:
FpmJhn@2023 - Email To:
[email protected]
Targets
-
-
Target
No. I20220052.exe
-
Size
518KB
-
MD5
d7bbc6ef7a09d615e3b8c864b83a03f2
-
SHA1
e5c05e7a380017c40eb766d7029414c4edad264b
-
SHA256
2f40f6ef3c46c7e7a51531385abc337e60fed2a22d4a604e39c94ac05e95e03b
-
SHA512
6e2cae2b05d0839bf09716024bfe93ebf95073f9fa3d211e662e36653c47ae96722c50a41ab66250ff2f3d474382116804e685952791c7218d6c0f251e571533
-
SSDEEP
12288:sPqlMdaMAUQ1wQhHV7MyEqqpeabdcfOYuMAv3npMovIn05dqrlb:sikqTfrE3PbdlY6Ghb
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-