General
-
Target
c2a2cfe440b18edcf0e931394ea070d7be3add32b211a01e66d7940f2d9116d9
-
Size
681KB
-
Sample
220520-19k4yaehf2
-
MD5
57f20a7ce22f6d3a765e76d37b241d41
-
SHA1
1d28c399b925c81ad634f960914a6f13a41337e2
-
SHA256
c2a2cfe440b18edcf0e931394ea070d7be3add32b211a01e66d7940f2d9116d9
-
SHA512
f2118f90d158d876f9fd3194069e2f318548717bf2a536bcc1f833387d33e214b24f18165e55f5fe6a82da563d7d0546151bb523bb27a23f9fb2485cd00fa01e
Static task
static1
Behavioral task
behavioral1
Sample
SCANCOPY007_PDF.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
SCANCOPY007_PDF.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: office@1@#@23
Targets
-
-
Target
SCANCOPY007_PDF.exe
-
Size
704KB
-
MD5
2d25eb521071cbab69e7880f261ab470
-
SHA1
716e85de7a4122dc69918f0ee06335b9fc4ab917
-
SHA256
a2938e6462b02115d0579cb8a4294626eb792a781b68175844a5fb26ae6de0b6
-
SHA512
5c7f0a2e16fe918d5ab14e8ec10f63371a410214d0db6c748cb82eacbab86f329a07c3adda39a528e07d5cde2ed49dacad24eeb4cccbd9d062840a5a5e78b711
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-