General
Target: d2bb71ce3627493076a6896cf99455be40c7a0ed452c11146abfa1e069ff6483
Size: 378KB
Sample: 220520-2v3acagah3
MD5: 4d55267b7c4736a978931399201b8713
SHA1: 357fc4c3a9fa3aba3834762013696180d4015fd8
SHA256: d2bb71ce3627493076a6896cf99455be40c7a0ed452c11146abfa1e069ff6483
SHA512: 371f632402db488348f635f4ebefdc3398bae958311e62eac68ef3804a50f85c0f35e25f868e1213b80ad1cc21860d396e60f81b08ed56aa5609380678ddb16b
Static task: static1
Behavioral task: behavioral1
Sample: Image001.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Image001.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: ikechukwu112
Targets
Target: Image001.exe
Size: 433KB
MD5: b27f96b5ebf8adafbf1fc9dc097fc43c
SHA1: 059479d162b04364ede561d05250f561395cd50b
SHA256: 05ea9c58563a4b38dbc86c5be7ee0713a05657260b35ffba490a766c88baab96
SHA512: 8b324d54dcddd6db08281ddd4b258f1f846ca9d4b0a38a7a0bc751f54d51c977fed62121e088efca6f0873f28f00313e9f55011846b4b96c682dec13510f3618
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext