General
Target: ad7b54611599e269afcf9494f72a7d6adb16e530c5bfbc07f239610969979903
Size: 515KB
Sample: 220520-3z92eshgh3
MD5: 440e1cbc092e5616620b03daf659f8b0
SHA1: b24c4908b04db798bdf59f2f872df743f2d0bb19
SHA256: ad7b54611599e269afcf9494f72a7d6adb16e530c5bfbc07f239610969979903
SHA512: f75d615ab1769894eb655f4f50d1173ec609533d31b508027b8ea632199caaf830f7e715a492ac1813494af1731faccd6f1bd6581b506700b3bb5ed6fee8e4f6
Static task: static1
Behavioral task: behavioral1
Sample: Quotation for MRS-KNRP-6842FT.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Quotation for MRS-KNRP-6842FT.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: chikaaka1
Targets
Target: Quotation for MRS-KNRP-6842FT.exe
Size: 765KB
MD5: 1d5150fc0821efc48760b646df98209d
SHA1: b4aef64f3772babfec0711cabeaa1a16441be950
SHA256: 63b6e03aef79da7003a5b919a58b496450ebcb0dc183985b48c5ed96868e05e6
SHA512: 16e6b9eed379b2ecb834a4c4048f21231e08a2b2220dbcf749904b91608330bac7ce1c008a50c60e917d042c527a54abad4db8c5fc5bd87e4613ee64711a647d
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext