General
Target: f90acd14d8fe024146b470c42a1cf95abc938e8a2be60e0e1ed124787a9363b7
Size: 393KB
Sample: 220520-3h9pbsbhdp
MD5: d4282dd57339d232153c8273f0b24a69
SHA1: c98300d4cf174e7e1f9776b3b6809018b210794d
SHA256: f90acd14d8fe024146b470c42a1cf95abc938e8a2be60e0e1ed124787a9363b7
SHA512: 59dfa1a6f07920e1ae54182cebcc60951a84365862af7c3f5f93502147313a99c9c3184cb6d4e67540f79faa51b6399894cf13abc4b1751f6c71e136c03bcb99
Static task: static1
Behavioral task: behavioral1 (Sample: nAzwCl5JbgDN9JQ.exe, Resource: win7-20220414-en)
Behavioral task: behavioral2 (Sample: nAzwCl5JbgDN9JQ.exe, Resource: win10v2004-20220414-en)
Malware Config
Extracted (agenttesla)
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected] (mailbox name not preserved in this copy of the report)
Password: stark123@@@
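The extracted configuration is the most immediately useful part of this report for a defender: the sample exfiltrates over SMTP submission (TCP 587) to smtp.yandex.com. The following Python is an added example, not part of the sandbox report and not Agent Tesla's own code. It runs two rules over Zeek-style smtp.log records: a direct indicator match on the extracted host and port, and a behavioural rule that flags a workstation submitting mail straight to an external server, with self-addressed mail (sender equals recipient, typical of stealer exfil) as an extra reason. The log lines, the workstation subnet, the relay address and every mailbox in the sample are constructed for the example; the `dst_name` column is assumed to have been joined in from dns.log, since real smtp.log has no such field. The redacted mailbox name from the config is deliberately not used as an indicator.

```python
import csv
import io
import ipaddress
from dataclasses import dataclass

# Indicator values taken from the extracted config above. The mailbox name is
# not preserved on this page, so it is not used as an indicator.
EXFIL_HOST = "smtp.yandex.com"
EXFIL_PORT = 587

# Assumed environment facts (hypothetical, adjust to your network): workstations
# never speak SMTP submission directly; only the relay below may.
WORKSTATIONS = ipaddress.ip_network("10.10.0.0/16")
MAIL_RELAYS = {"10.20.0.5"}
SUBMISSION_PORTS = {465, 587}

# Constructed sample log in Zeek smtp.log style (tab-separated, subset of the
# real fields). 'dst_name' is a constructed column as if joined from dns.log;
# all addresses, names and mailboxes are invented for this example.
SAMPLE_SMTP_LOG = """\
ts\tid.orig_h\tid.resp_h\tid.resp_p\tdst_name\tmailfrom\trcptto\ttls
1653072001.1\t10.10.4.17\t77.88.21.158\t587\tsmtp.yandex.com\t<stark@example.net>\t<stark@example.net>\tT
1653072002.2\t10.20.0.5\t77.88.21.158\t587\tsmtp.yandex.com\t<noreply@corp.example>\t<partner@example.org>\tT
1653072003.3\t10.10.4.18\t10.20.0.5\t25\tmail.corp.example\t<bob@corp.example>\t<alice@corp.example>\tF
1653072004.4\t10.10.4.19\t74.125.0.1\t587\tsmtp.gmail.com\t<eve@example.com>\t<eve@example.com>\tT
"""


@dataclass
class Alert:
    ts: str
    src: str
    dst_name: str
    reasons: list


def parse_smtp_log(text: str) -> list:
    """Parse a tab-separated log with a header row into a list of dicts."""
    return list(csv.DictReader(io.StringIO(text), delimiter="\t"))


def classify(rec: dict) -> list:
    """Return the reasons this record is suspicious (empty list if none)."""
    reasons = []
    src = ipaddress.ip_address(rec["id.orig_h"])
    port = int(rec["id.resp_p"])

    # Rule 1: direct match against the extracted exfiltration endpoint.
    if rec["dst_name"].lower() == EXFIL_HOST and port == EXFIL_PORT:
        reasons.append("ioc:extracted-config-host")

    # Rule 2: a workstation (not a known relay) submitting mail directly to
    # a server on a submission port is abnormal when mail must go via relays.
    if (src in WORKSTATIONS
            and rec["id.orig_h"] not in MAIL_RELAYS
            and port in SUBMISSION_PORTS):
        reasons.append("workstation-direct-submission")
        # Stealer exfil commonly mails the attacker-controlled mailbox to itself.
        if rec["mailfrom"] == rec["rcptto"]:
            reasons.append("self-addressed")
    return reasons


def detect(text: str) -> list:
    """Run both rules over every record and collect the alerts in log order."""
    alerts = []
    for rec in parse_smtp_log(text):
        reasons = classify(rec)
        if reasons:
            alerts.append(Alert(rec["ts"], rec["id.orig_h"], rec["dst_name"], reasons))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_SMTP_LOG):
        print(f"{a.ts} {a.src} -> {a.dst_name}: {', '.join(a.reasons)}")
```

On the constructed log the first record trips all three reasons, the relay's connection to smtp.yandex.com trips only the indicator match (worth a look, but a relay talking to a public mail provider is not on its own abnormal), the internal port-25 delivery is ignored, and the self-addressed submission to smtp.gmail.com is caught by the behavioural rule alone, which is the point: the indicator covers this sample, the behavioural rule covers the next one with a different mailbox provider.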
Targets
Target: nAzwCl5JbgDN9JQ.exe
Size: 492KB
MD5: ba4ca82ee4375ca5af7fa9ade01d445e
SHA1: e370ac738a52a58cad0c58a392d817e7eed3c650
SHA256: 725812db416e89c4bafe2924855ab5a3f7769a22c69bc02038bbe58e95c6ea7e
SHA512: be84bf6d45d57d5759d6a9fb59665443a253ce2f58a72b5dfc204ad90dbd2f7bbcc1918e5083c223dcfee4e3525a7fe759c1b044a8284eaf385b0439d86be8a0
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer written in Visual Basic .NET; this sample is configured to exfiltrate over SMTP to smtp.yandex.com on port 587 with the credentials in the extracted config above.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles (consistent with harvesting stored mail-client credentials)
- Suspicious use of SetThreadContext (an API commonly used in process hollowing to redirect the entry point of a suspended process to injected code)