General
Target: be19230bb09223f7c8dc79f5c4a86f1ba50c4aabbb7269b8b20f67b5a7ffb70f
Size: 471KB
Sample: 220520-3wytzscecl
MD5: 87d9243746b4de62d659fefe709029a4
SHA1: c3efaa79e1554e5a5f82afa0381aaa77ab0f8459
SHA256: be19230bb09223f7c8dc79f5c4a86f1ba50c4aabbb7269b8b20f67b5a7ffb70f
SHA512: 89b3d2277d041332143f6a96c42413a9c8a1cf31f4e2107ab28a60626e2d1a0fe2331b10fae5573903c5f203fb5328cd482a92be5e023f24d6578f65bc484c54
Static task: static1
Behavioral task: behavioral1
Sample: NEW ORDER Pl 06.08.20.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: NEW ORDER Pl 06.08.20.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: faith12AB
Targets
Target: NEW ORDER Pl 06.08.20.exe
Size: 583KB
MD5: 45da796ec0fe2831f2040cd8093cd28b
SHA1: 6ddcae4081b776ec69fc432e97d6fe7ce4fd8fba
SHA256: 7b4a622ad10041c4f2e0dc88cf52aefdafa8ca0218be57246de2767793aa839e
SHA512: 2dac7dee4a822cd86c28b0dc2c442ded66ff9431d822f876522407dc667e674c1ce5f47280b65217c0fcc2dd2c81ac249fd8015b967215047c1eede7e37c2abc
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext