General
Target: 752a729c44f85d84b1ccef7fa55b545b4c18ea516ad276dc3cbedd2e12179b2b
Size: 671KB
Sample: 220520-19pgcsaaeq
MD5: 1f7ee4e548cc959a2af30e8c69fa64fc
SHA1: faee84d36b854e3474c90be3522d639ec515d8e4
SHA256: 752a729c44f85d84b1ccef7fa55b545b4c18ea516ad276dc3cbedd2e12179b2b
SHA512: d0c037ee91675df28b31bafd520abd25a48cd11408a793142310136316b2898742fa8fcef9f5b483b623f939ebded5a440b7f3024fd9ea7d8a30e0a253b5ca66
Static task: static1
Behavioral task: behavioral1
  Sample: 752a729c44f85d84b1ccef7fa55b545b4c18ea516ad276dc3cbedd2e12179b2b.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 752a729c44f85d84b1ccef7fa55b545b4c18ea516ad276dc3cbedd2e12179b2b.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: Loverboy123
Targets
Target: 752a729c44f85d84b1ccef7fa55b545b4c18ea516ad276dc3cbedd2e12179b2b
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext