General
- Target: Please provide EURO1 Draft.exe
- Size: 463KB
- Sample: 201109-dvpa9bhe6n
- MD5: 423c65948e1fe9c4390314f6cebe66d9
- SHA1: 966b4efbe63e35aeb6b63a1df45ef862f6e9159b
- SHA256: b1b0b814086ceb3cbe9b931ca3ac14ed934399c35b4b6ce956f98e50ea3186ef
- SHA512: daa5425283e0498b1d2c60199966cd0e504a36971be847eed61c33642a13c38f65e47f0e5d69e51d000372c1cffbb6aaf9462ebb62f7e6fe702ddf8690eee377
Static task: static1
Behavioral task: behavioral1
- Sample: Please provide EURO1 Draft.exe
- Resource: win7v20201028
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: smtp.yandex.ru
- Port: 587
- Username: millersolomonjaja@yandex.ru
- Password: solomon12345$$$1
Targets
- Target: Please provide EURO1 Draft.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext