General
Target: cdb998bbcf21ecb3f3b215f3affbe6a12006515e13c8a1576ab498db5ea2969a
Size: 405KB
Sample: 220520-18x24saacm
MD5: 1827087f8ab80a4c2838035dce243f8d
SHA1: 7a5bc51e8d8fc74ef7721dca05437c98f7bd95b6
SHA256: cdb998bbcf21ecb3f3b215f3affbe6a12006515e13c8a1576ab498db5ea2969a
SHA512: d5731aa7b8189ab27a29c0a8f46e364eadf1d7553145197a23ee25d380f194253ab2b572e591eeb53c97bd1982b982ddb3fc832c55ecadcbfe9e77daafd2d6ee
Static task: static1
Behavioral task: behavioral1
Sample: NEW ORDER PO 17.08.20.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: NEW ORDER PO 17.08.20.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: faith12AB
Targets
Target: NEW ORDER PO 17.08.20.exe
Size: 492KB
MD5: 484f322a9d499e1cd78a0cc02282b1b2
SHA1: c8e874f8f2079de38b2ae3c1b4bfa229c40b22d0
SHA256: 43289bb160c005728b4dc1d8cd723356f1e7d2e5ba90bea7d28c3334224939c0
SHA512: 489865baf51cc4a51c108c3561168c21e852b74c5eefa6be50c58d8cae2f5f8eb9b2c339fbce017f17ab287f123fb78063c71b2d87d20078f70a33be6f64b602
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext