General
-
Target
f84a683662f0654e8fbe85b5e2103d2703a62cb6adb240f89e776bafdf86ea5a
-
Size
463KB
-
Sample
220520-3jlznahab6
-
MD5
4f0346d7c33e5be3f3e2a9b1718cb748
-
SHA1
9559a77455572af0df1f26f14232c5e8db03427e
-
SHA256
f84a683662f0654e8fbe85b5e2103d2703a62cb6adb240f89e776bafdf86ea5a
-
SHA512
dc0f8d8f5729c2b5cd2860a60a89b016258dcddf4c04e3fda3b63f67ca5a318cec5554112f9bac879bba347a174e1de45c3348ecec3a4bf81249252946a7de6e
Static task
static1
Behavioral task
behavioral1
Sample
QXVa6NvH82Yaiva.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
QXVa6NvH82Yaiva.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: esut96092
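The extracted config gives the exfiltration channel (SMTP submission to smtp.yandex.com on port 587 with a hard-coded mailbox), which is the part of this report a defender pivots on. The Python below is an added example, not part of the sandbox report: it parses the "Key: value - Key: value" config text as rendered above into fields, correlates constructed Zeek dns.log and conn.log JSON records to find internal hosts that connected to an address the configured mail host resolved to on the configured port, and emits a Suricata rule on the DNS lookup. The log records and the 203.0.113.0/24 addresses are constructed for the demonstration (documentation space, not real mail-server addresses); the username keeps the redacted form shown on the page.

```python
"""Added example: turn the AgentTesla SMTP config extracted above into
detections and run them over constructed Zeek JSON logs."""
import re

# The "Malware Config" block from the report, joined onto one line.
# The username is shown redacted on the page and is left that way here.
REPORT_CONFIG_TEXT = (
    "Protocol: smtp - Host: smtp.yandex.com - Port: 587 - "
    "Username: [email protected] - Password: esut96092"
)

# "Key: value - Key: value" pairs; values may contain dots, '@' and brackets,
# so a value runs until the next "Key:" token or the end of the text.
_KV = re.compile(r"([A-Za-z]+):\s*(.+?)\s*-?\s*(?=[A-Za-z]+:|$)")


def parse_triage_config(text):
    """Return the config as a dict with lowercase keys; port becomes an int."""
    cfg = {key.lower(): value for key, value in _KV.findall(text.strip())}
    if "port" in cfg:
        cfg["port"] = int(cfg["port"])
    return cfg


# Constructed Zeek dns.log / conn.log records (JSON-format field names).
# 203.0.113.0/24 is documentation space; these are not real Yandex addresses.
SAMPLE_DNS_LOG = [
    {"ts": 1653000001.1, "id.orig_h": "10.0.0.5", "query": "smtp.yandex.com",
     "qtype_name": "A", "answers": ["203.0.113.10", "203.0.113.11"]},
    {"ts": 1653000002.2, "id.orig_h": "10.0.0.9", "query": "update.example.net",
     "qtype_name": "A", "answers": ["203.0.113.50"]},
]
SAMPLE_CONN_LOG = [
    {"ts": 1653000003.0, "id.orig_h": "10.0.0.5", "id.resp_h": "203.0.113.11",
     "id.resp_p": 587, "proto": "tcp", "service": "smtp", "orig_bytes": 48213},
    {"ts": 1653000004.0, "id.orig_h": "10.0.0.9", "id.resp_h": "203.0.113.50",
     "id.resp_p": 443, "proto": "tcp", "service": "ssl", "orig_bytes": 1200},
    {"ts": 1653000005.0, "id.orig_h": "10.0.0.7", "id.resp_h": "203.0.113.11",
     "id.resp_p": 587, "proto": "tcp", "service": "smtp", "orig_bytes": 930},
    {"ts": 1653000006.0, "id.orig_h": "10.0.0.5", "id.resp_h": "203.0.113.10",
     "id.resp_p": 25, "proto": "tcp", "service": "smtp", "orig_bytes": 300},
]


def c2_addresses(cfg, dns_log):
    """IPs the configured mail host resolved to, taken from observed DNS answers."""
    ips = set()
    for rec in dns_log:
        if rec.get("query", "").lower() == cfg["host"].lower():
            ips.update(rec.get("answers", []))
    return ips


def find_exfil_connections(cfg, dns_log, conn_log):
    """Connections to a resolved C2 address on the configured port, oldest first.

    Every internal host is checked, not only the one that issued the lookup,
    because a second infected host may reuse a cached answer. Hits still need
    triage: the mail server is shared, legitimate infrastructure."""
    ips = c2_addresses(cfg, dns_log)
    hits = [
        {"ts": rec["ts"], "src": rec["id.orig_h"], "dst": rec["id.resp_h"],
         "port": rec["id.resp_p"], "orig_bytes": rec.get("orig_bytes", 0)}
        for rec in conn_log
        if rec["id.resp_h"] in ips and rec["id.resp_p"] == cfg["port"]
    ]
    return sorted(hits, key=lambda h: h["ts"])


def suricata_dns_rule(cfg, sid=9000001):
    """Suricata rule that fires on a lookup of the configured mail host.

    dns.query is the DNS name sticky buffer; bsize pins the match to the
    whole name so 'smtp.yandex.com.attacker.example' does not match."""
    host = cfg["host"]
    return (
        f'alert dns $HOME_NET any -> any any (msg:"AgentTesla config host lookup {host}"; '
        f'dns.query; content:"{host}"; nocase; bsize:{len(host)}; '
        f'classtype:trojan-activity; sid:{sid}; rev:1;)'
    )


if __name__ == "__main__":
    config = parse_triage_config(REPORT_CONFIG_TEXT)
    for hit in find_exfil_connections(config, SAMPLE_DNS_LOG, SAMPLE_CONN_LOG):
        print(f"{hit['src']} -> {hit['dst']}:{hit['port']} sent {hit['orig_bytes']} bytes")
    print(suricata_dns_rule(config))
```

The host and port alone are a weak indicator, since any legitimate Yandex Mail user submits on the same endpoint; the hit list is a triage queue (volume sent, which process opened the socket, whether the account used matches the one in the config), not a verdict. The mailbox credentials in the config are the stronger pivot for clustering other samples from the same operator, and for notifying the provider so the account is shut down.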
Targets
-
-
Target
QXVa6NvH82Yaiva.exe
-
Size
682KB
-
MD5
5b0f4ae46d79b6e8016b010d2d823e27
-
SHA1
180c8936879c2da34329042ab56fb628d9f4766a
-
SHA256
09be1d1130ddcf7aa7d321a4c70110c98a344812c818ed0cacfcbab916338034
-
SHA512
b37dbd01043a184ba403c50fa7fe46d5b5a724f13d931a96e6dfb711e732b378807beadb31e42fcb3855cae17bddd6f1f94b6fa1023241aa99d2ad59feafc992
-
AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer written for .NET (its early versions in Visual Basic .NET); it harvests browser, mail-client and FTP-client credentials, keystrokes and screenshots and sends them to the operator over a channel such as the SMTP account in the extracted config above.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check that decides whether to run on this machine.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext (an API commonly seen in process hollowing and thread-hijacking injection)
-