General
-
Target
3232993e675ec890820cd3b0a5b91859ec78d347b8fb54e7a488739ae392b860
-
Size
281KB
-
Sample
220520-2zqgcabccn
-
MD5
7b3397a9aa010a989084ea5fdaf9d566
-
SHA1
8ce29bfe15701e3e244f3e22abf562f3e4342dfd
-
SHA256
3232993e675ec890820cd3b0a5b91859ec78d347b8fb54e7a488739ae392b860
-
SHA512
a73586968d1872589f8b027d644d68addf4c83f567f7391f66c80f79088cb333e4ae11ad61931575535f157416b12dba20fcb8d7d23c829fca48b241ea4a4795
Static task
static1
Behavioral task
behavioral1
Sample
Products description.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Products description.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: ALIbaba123
Targets
-
-
Target
Products description.exe
-
Size
584KB
-
MD5
ef1facb799665988759a8b39ee3a0d87
-
SHA1
9b9e30980ba5e57b2425941ec90b4d27258906ca
-
SHA256
c282cc8f22db07f2bc462448e339d3cf19fe5330e031a956d8c892c4b78b10ff
-
SHA512
c99fcef28788e1b35f907ad0cc62e2aa79bbd1ad6985b9ebf154b54c13c7e97cbb202478c4b6f41e82268fe9b9e743e49f2fab60eb8a9adc8118094af9f3c813
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-