General
-
Target
ddfc12e7ddadb59e36eb29c5326e58ba8cc486e61acb83d9ecac404fa61c7739
-
Size
478KB
-
Sample
220520-3n9xaacbel
-
MD5
7dbeb863faec34130464e34805f54777
-
SHA1
ea43c7fd0b6bef1634f1792d525c50ba1e12837a
-
SHA256
ddfc12e7ddadb59e36eb29c5326e58ba8cc486e61acb83d9ecac404fa61c7739
-
SHA512
bfe44ba941ca88622087388ef30b1cb082c667fbc646443181ee87a360acf584e44cf14966839523099f8b9a07cf425047cc13c36606a21b586ecf16463eac85
Static task
static1
Behavioral task
behavioral1
Sample
Scope Of Work.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Scope Of Work.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
challenge12345@
Extracted
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
challenge12345@
Targets
-
-
Target
Scope Of Work.exe
-
Size
503KB
-
MD5
d8e9997b8872315a2982bc9418f14630
-
SHA1
4739fa281a70c2989c7b03f72c928780cef6a25f
-
SHA256
d506b23a03a75b6f7c9a10613a6b62da0acaae363ca72523e8e1cdecb2b7f2b0
-
SHA512
5b58f8e7439bd92a2fa3ed0384754dc094a03f51f66f4cfb2e1e7b5c63188342c7eaf194a2f7763a3f2bcf68174af71404874ddac24e0a27dd0264b1b9279805
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-