General
-
Target
428d98047ab3264b6c653c4500a1422c25829a9237955c2709da7b8ec38519b5
-
Size
556KB
-
Sample
220520-2jtttsfdf8
-
MD5
edf2351113d871fb353718aa19cefc70
-
SHA1
e909bd8b625b81698ee98efb3e2d5f871578e7c9
-
SHA256
428d98047ab3264b6c653c4500a1422c25829a9237955c2709da7b8ec38519b5
-
SHA512
30ab222cbaaa2daa331cf03b5e2e768d5231a803962bd449060b7b66e2d7dfd9b418df9a15afd3a37d5a4b68fd4011ef63c7ded24d37f47b53812f7137874418
Static task
static1
Behavioral task
behavioral1
Sample
PS-AVP2-202098-20.xls.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
PS-AVP2-202098-20.xls.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.ru - Port:
587 - Username:
[email protected] - Password:
kingmoney12345
Targets
-
-
Target
PS-AVP2-202098-20.xls.exe
-
Size
590KB
-
MD5
b7134c001fcf541f93ee8b0a5fadd337
-
SHA1
f153f737b71e4a8cdd59bd3a6ee2910c4941c0c6
-
SHA256
fe6515e661c3c83f45ab0727c45909344f41d8ad37123bcc35af0232378d60b8
-
SHA512
ebea51e10eef8382b1c9d6324a6d5d5e5ad7953681c895af852fea80c57c9b93584ac5a9b72f7db8bd5be301bf4c5b77f8b6d3d9a0348b07f647bad7920be907
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-