General
Target: 4d28b29da71066ede367300121620ad5
Size: 545KB
Sample: 210915-hvzpnsdban
MD5: 4d28b29da71066ede367300121620ad5
SHA1: 2b9a466dbf04d9f699e48c7549e10a1ce452ff0e
SHA256: cc997250628324ec9e05d5b001b71540a9d812fb4fa12616d1959a25e4b15a64
SHA512: e10e7a74e6f76c1de169dc7f4007243eb67fad5556e37e76846cc767bbcb172a9ea0100711f74c2a6d6f06c53e24f1b232c5051f0bbb02fdb36efc1ebe762fad
Static task: static1
Behavioral task: behavioral1
Sample: 4d28b29da71066ede367300121620ad5.exe
Resource: win7-en
Behavioral task: behavioral2
Sample: 4d28b29da71066ede367300121620ad5.exe
Resource: win10v20210408
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: general.logs@yandex.com
- Password: jesus@eze
Targets
Target: 4d28b29da71066ede367300121620ad5
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext