General
- Target: 6a0fcb5d8f6af7187988ecf60ab501cd9f3f4adf6120b73dc5bb6c79762d440d
- Size: 487KB
- Sample: 220520-29l7nsgdh9
- MD5: 898700e979049df00303aa2a73745afb
- SHA1: 1f625b226058c5e416255a86937ebf40c2e27eaf
- SHA256: 6a0fcb5d8f6af7187988ecf60ab501cd9f3f4adf6120b73dc5bb6c79762d440d
- SHA512: bedcf1efbd0739fd67262cd8371d1e130948cd02c3d8ca6f388953092f231096bf509569bee9a5c22f82e49d765c0c81ad5b28926a2bea0763e9d50d354eb053
Static task: static1
Behavioral task: behavioral1
- Sample: Cotización.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Cotización.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: westernpremierplus
Targets
- Target: Cotización.exe
- Size: 633KB
- MD5: db9bd8b19c0dfa9f3dbcf6c1eb2db758
- SHA1: 402271c81c2206ce62eb6a9a84468df7cf23c657
- SHA256: c5411f20ee7c363ca543f00f10c8504da8d0cd87221333deb952bc3ee8f7a29b
- SHA512: 37b4b718da4d38236d0a169f9331ff821915e663c67c003abab0df14e691c047080deece2e3b31be75ceb355b90d7ae91a14ab3214145bde62f7e77272304e94
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext