General
Target: a64c987e8082a94e12e4900fffffc370947c8afe55a39a4a5d2f4b8d263ed474
Size: 383KB
Sample: 220521-aac16shhd2
MD5: 23c9da60aac83ecfdd94320637ba4140
SHA1: c25dd8287105b39201d3c7ddd45a361ce2ce483f
SHA256: a64c987e8082a94e12e4900fffffc370947c8afe55a39a4a5d2f4b8d263ed474
SHA512: 30a505db7df8ff89c5006304c3ec06c3dc6a74afcada10ca41fdcfb11b50b1de7d0b4824ccb3e703d0117bd98ceb5bb5c7e71a9dc6bd44c11c97c46ded48a73d
Static task: static1
Behavioral task: behavioral1
Sample: Order(2)34014072.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Order(2)34014072.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: Dmacdavid
Targets
Target: Order(2)34014072.exe
Size: 575KB
MD5: 809e1f217c74d22103f4384ffad1d67d
SHA1: 6913e1db75535dab4e1cc08610aeadccdd2a47e4
SHA256: f96a186d42be8ee969291167ad5f02198788ce013945bf13e02ee13ce4454049
SHA512: c974c1b9bfd35c6d453a353b73e5930c5dde0425ca15fec8aaa77ee30929e9e952bf7045fd6e20433b42f6ab496f30663dc4513725418d5143bd53e35b2ddcaa
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext