General
-
Target
f790caf77bbf4a4a918ead10a24038ddb95d4116cdabbf0f57b51857389c4fa3
-
Size
404KB
-
Sample
220520-3jrvxabhfm
-
MD5
9bff9056d6264c5d6a20a8b5c234a40b
-
SHA1
ec3ecdb5d6ec8b4cbddfef2d7ca6c98e8ce6c326
-
SHA256
f790caf77bbf4a4a918ead10a24038ddb95d4116cdabbf0f57b51857389c4fa3
-
SHA512
ee119be6d0a544e12c8cfb268d743abb070705a905c6360e91199a66976e446d762980dafc1cfc645fd3b8c1ecbaae6315e14a21a13d4a31e8dc05a683de72ad
Static task
static1
Behavioral task
behavioral1
Sample
FT 735 - VS DDT 2347.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
FT 735 - VS DDT 2347.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: prosper12
Targets
-
-
Target
FT 735 - VS DDT 2347.exe
-
Size
464KB
-
MD5
4e093ec8fa2756d9978383a957f27228
-
SHA1
812b8e75fbecfaa1a1b98277305d8eb3daf4ab52
-
SHA256
6f873c8396d0097485898068e51d5b9bc771a109fbe95a4c261dea424374d114
-
SHA512
9027fb0955e89064597c38a329277fdc1d58f139cd4c61cde1bf761fcbf71fa781689e8a356a926c262a2b32d506d3d91b7532dbc5884f428428abc270d75269
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-