General
Target: cf431fff2e253b8ec0638e283dd8db9cd88ae1774cfdcd035668d4582b07fa54
Size: 448KB
Sample: 220520-3sksysccgn
MD5: 7330fe250b06844ed864c7926b5823ac
SHA1: 8faa6066e70be1bffe421b2a5a54fffa205769a0
SHA256: cf431fff2e253b8ec0638e283dd8db9cd88ae1774cfdcd035668d4582b07fa54
SHA512: 54e630912441d7e7c2279ec9df7d5214a6d2f95ea308ac606ab83bb46def27e3fc07407c326b4d01912c69570dc5d427646a15daf6582c7dc778a4cb2cd4b37f
Static task: static1
Behavioral task: behavioral1
Sample: Image001.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Image001.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: afoerinwa123456789
Targets
Target: Image001.exe
Size: 550KB
MD5: 8ed0a379505c109384edfa323fd592b2
SHA1: bfc2b520d1aed2bb21ef4abdba3fb0535a040665
SHA256: 054ec2f2a97d3ded97d4f25574b131e809ff1446a1c309a3c76bd4a8cf385fe6
SHA512: 505b5ed44c111548a399eefc007aad397524fbde8cee55c28895337ceb9d121643e4b65e816fbdab0b0f5baff479a3556949bf570899551ef244ec6b3a2caa6f
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext