General
Target: a758d1b699a781ae018de5268372272892796c2236eb7d80e472eb9e4158a8d9
Size: 571KB
Sample: 220520-3emqdsggc6
MD5: 779f10a28ac3021a573e20aef57b05db
SHA1: 4d63e806dc39bbafb17f97392b17c659a5cf3a1a
SHA256: a758d1b699a781ae018de5268372272892796c2236eb7d80e472eb9e4158a8d9
SHA512: 730d8d17bf91c29126b54648b7b3deced49b30313ed3e0c365156f640e0da9f34ae35bd4c657db7bbabf4508cdbb484f1ba97ac871d42aa39ebd1cf78a2417f7
Static task: static1

Behavioral task: behavioral1
Sample: ScanCopy20200807_pdf.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: ScanCopy20200807_pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: lilkooll1234

Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: lilkooll1234
Targets
Target: ScanCopy20200807_pdf.exe
Size: 893KB
MD5: 6de19011d8811b1d45586bd4b7848f7d
SHA1: 5201f00363ac9834d55fcd58010b1ccd795b65f3
SHA256: adb5b49df1f9fe891c6e22c0be6e531d42844a67e105bc5a01eff74db1a8da1f
SHA512: e04a138234779bc444886a12330b260611e0a8e0472c3f15b065e0b785a6d6cdd00c50703e405b45f6cc67fc236a54a6787e07cb2673ce4d27c809ee12e6b60d
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext