General
Target: c458e9e5a1e5da79825a44921e3d86d8f0b3688eff84869c18786b3fe61a16f2
Size: 369KB
Sample: 220520-3brvyagfa2
MD5: 49c45b25103240636a1fd411e3356342
SHA1: 305deb2471f6807ef82738d73ce8f330a1af5483
SHA256: c458e9e5a1e5da79825a44921e3d86d8f0b3688eff84869c18786b3fe61a16f2
SHA512: a13ace7e4e55550584374327a20e8cf3e5ac07e6ca73ba02519d7ad95beef15692b29aa04f609d163d94dad3b2d5cb3619ed4108c764b46e9b8a6346dbb4efe4
Static task: static1
Behavioral task: behavioral1
Sample: NEW ORDER Pl 05.08.20.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: NEW ORDER Pl 05.08.20.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: faith12AB
Targets
Target: NEW ORDER Pl 05.08.20.exe
Size: 435KB
MD5: 958d68454f83e8b9a187d3622ef1c326
SHA1: 7fad85133882781e41f78ae2aaf2a47aaf812f74
SHA256: 77bbe59685fd4ba30b0f14c6471ba479adbe790de6499c7ea2370b2055fcc9c3
SHA512: d24af9a0870703abd9ac6974d5fd716b38e941237ba036cbe0e0c65e6b341161c8f6c413fc4977f2bedd68a42cdc15b4ef11e0c9a06097d374f1bec7a6e1235c
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext