General
Target: 5e60245754303149a37219624e2dfc64fa4dc2028fbd98fce1bb0957d03c60d9
Size: 502KB
Sample: 220520-2gyp1afch2
MD5: af722a4304fa4666d1519e0dd6e9905c
SHA1: d4dd20eae3de7ec0ceb7ba40a991f4e29758b727
SHA256: 5e60245754303149a37219624e2dfc64fa4dc2028fbd98fce1bb0957d03c60d9
SHA512: 85d0a9c9053bdd3a8a662d3025d136136231b0857a7f31a5edb9c81756e42e1c4f66351185f45a02f85b784a3b28b4f1986d02d7271d060f132b69a9b65ebf75
Static task: static1
Behavioral task: behavioral1
Sample: Ticari Hesap Özetiniz.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Ticari Hesap Özetiniz.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.pkstyles.pk
Port: 587
Username: [email protected]
Password: u@Lu)8oz~9+9
Targets
Target: Ticari Hesap Özetiniz.exe
Size: 535KB
MD5: c9d8a2ac249ab76e1e808e7956ff7354
SHA1: ed7055fb28fac28fc2f6a8bd315a5d26f9106b54
SHA256: 43b9043095de14d30537478501d00056ff457e325588282279826e42bb01810d
SHA512: bd25d0c2d986eb4c34f2b05eba5b0a00443d00901e3e1cb153469485a28a882860c87262e4c0aa6eff4ab33d590fca43a29dfbca8d98c5e8640058726b0be40d
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext