General
Target: 07233642c7950281930d250fd04fc125415df3e90f2116c0df97658af8249f09
Size: 295KB
Sample: 220520-21v38abcgr
MD5: 4c0c53532dcbabac4be87563159fc736
SHA1: 0d776ab214bb4ee584f4f187e68a219ad808b532
SHA256: 07233642c7950281930d250fd04fc125415df3e90f2116c0df97658af8249f09
SHA512: 90927647b05de3593c3d9c51301b7e3c00024f2067fb07f59a93de2b7feaf08a8703d5cdb05c85f302ab5750c1e5bcb9578133fe4ddfd4ca623009e50adbc92a
Static task: static1
Behavioral task: behavioral1
Sample: Products description.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Products description.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: JEHOVAH8899
Targets
Target: Products description.exe
Size: 603KB
MD5: 19987543a96c675d45ac4e7212d2f465
SHA1: 983555e698609ff5aee11137982545b2281679ec
SHA256: ba4c584519a8fa8a90a906dea86ebe75bb3464190a152467d32ebdefcfc4e643
SHA512: ff1a504fa8af3947a6e6a764b1a15827a24980134522cafbb9b75efe8427d057d8b61ffd511ea5dc69afc51355c5f5b28f27d72fbe5c85576bbc169e89e01e6e
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext