General
Target: d8be2c2928299465a0bbb04c66acca713a6d52f1c11dda8318482f37acf99f5f
Size: 385KB
Sample: 220520-3p6w1sccaj
MD5: 2771424e883bf1ac96e1bc4c777e9e19
SHA1: c7cbc193d0268896e4065c55ddcb477551a8c9fe
SHA256: d8be2c2928299465a0bbb04c66acca713a6d52f1c11dda8318482f37acf99f5f
SHA512: d57f45c01b177cdcfcc451b00f1885d43a7d81ae39ec8ac63255ec4fca16541f2b0f07c02659781fc08d587adb9478658d20a8308749107d662896212d34d32a
Static task: static1
Behavioral task: behavioral1
Sample: sheet#56734600.email.eml.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: sheet#56734600.email.eml.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.ibc.by
Port: 587
Username: [email protected]
Password: QWErty654321
Targets
Target: sheet#56734600.email.eml.exe
Size: 563KB
MD5: 69814a6dd9c58e33bae3ebf4d524a0a1
SHA1: 737bc1ac1ec3f17ba0a4a2c3dadff051b5d93393
SHA256: 6e2258b3549aa0a57f3af990295f6b580dfeb2ddbc242185cc9cb23f4ca946c4
SHA512: 3c5a1451310ef4ca5accf120dcf6319c6cda962c3e2610afc532413cfc66b6ee39cc3e22248e094da2601c6cf5390c60722f0c77554d0fdd680edcbb8604a218
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext