General
- Target: 08ff8988caa1a32b222abcb7af2152626c596b9ea22ac112a081d005429a2358
- Size: 390KB
- Sample: 220520-21tv6abcgq
- MD5: de87fb36aa4252206cd23195448bb529
- SHA1: e9960b711307409b6abc6c4c6d796719360268f7
- SHA256: 08ff8988caa1a32b222abcb7af2152626c596b9ea22ac112a081d005429a2358
- SHA512: 3043d38f1bdc886a9b5063e9552d5bc645b092db7135f36ff7995cefdaf3a0014342aebeebfebbddcc34caade153f2b94d985e3b7763c5eab8ed28276ada8e83

Static task
- static1

Behavioral task
- behavioral1
  - Sample: Ticari Hesap Özetiniz.exe
  - Resource: win7-20220414-en

Behavioral task
- behavioral2
  - Sample: Ticari Hesap Özetiniz.exe
  - Resource: win10v2004-20220414-en

Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.vinorema.com
- Port: 587
- Username: [email protected]
- Password: tempranillo03
Targets
- Target: Ticari Hesap Özetiniz.exe
- Size: 482KB
- MD5: 306f84240ddd27fb57215e1f1aa44074
- SHA1: d511573ef3010970c7ca8e384b0d8c872319614b
- SHA256: f22c6493e79585174b56a26a406c8986d0a8d1526c4b3a5db984297979686ceb
- SHA512: 07727fd9085db2fc271616a1f3cf323adc3d7d2be78bfc3ecfc548deee5078e7b6bbd64276e8343c2c48348f7b1fac13611dad6c7a5d06a620b6b3dce320ef74

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext