General
Target: 61ea6e1342281e38042f00f2a82307b01ceba9b25f78890703e96f8c3eaa9a63
Size: 249KB
Sample: 220520-2yn7wsgca5
MD5: 0d5a55caa2b37267a205606ec6135613
SHA1: f34e4f7a0b7a5d0be9cc9d5c63041463d86f5370
SHA256: 61ea6e1342281e38042f00f2a82307b01ceba9b25f78890703e96f8c3eaa9a63
SHA512: 1624dd9cbbf5d7067e318ac9d45deaf00f0c4b73c972db496e0d445edb0482ffc615b473ae3a2dbcd118ef5cc2cd75a2f370c7c312cae5190856a2f90682c5e7
Static task: static1
Behavioral task: behavioral1
Sample: PO INOXIA-2020082.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: PO INOXIA-2020082.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: ALIbaba123
Targets
Target: PO INOXIA-2020082.exe
Size: 424KB
MD5: ff4ff46409c73358cc11865f5ac36171
SHA1: 58864703ce881498d78da64cc39510f0eec72927
SHA256: eddcda48d1058487f653995ae77469d407cd02a7b2bf9d6059a61ddeeaa83f70
SHA512: 88a6df6bb13cdaac34ffebc7a10a5bf371d25cbf75a2c5206d87cfbbfdea1c16b179f1c98f4eea52ccac914927e508fc4a904ca714cb24c87fc06e1302de2522
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext