General
-
Target
0829c3d677e5c7b2608bfee2512d63e726eb13bcd6d185781f2a0914ea95e103
-
Size
459KB
-
Sample
220520-3fnzvaggh2
-
MD5
ed0aef8e945948a2313071df2e1f434e
-
SHA1
8f463da123a736810a0822ca0407dcd91a4b97f2
-
SHA256
0829c3d677e5c7b2608bfee2512d63e726eb13bcd6d185781f2a0914ea95e103
-
SHA512
b9a3a0999fa4efd7d4f213b5128a486eda72262221cfb449c4978d9fbcfb03a6dbd341746c52cd4f9a00a7ed07ca837c2f2845d290675997098677d519aed97d
Static task
static1
Behavioral task
behavioral1
Sample
TNT SHIPMENT.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
TNT SHIPMENT.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: HighKEY@#@@#
Targets
-
-
Target
TNT SHIPMENT.exe
-
Size
664KB
-
MD5
dbe9660f01ee0a6e15539d961c77b8c5
-
SHA1
464e6254d17015efc593b0fee0bb9e3f552c32e7
-
SHA256
d09db6d2d1ffe48600422f7d17e18e62233a505fa78339f3805ea56cbb5fbc61
-
SHA512
21a1b1e5df176c7e2a7186719d3e0568a8c0b410ead175dfbfcec2a652de94f94ef089ea8e7ca9fd21a9adeb3261c6615aed2f59c2cdee9aecab19758b0d35e6
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-