General
Target: a5158fcbccbc2456a4397ca9dce8f72f9db0a1386e20f796c0138afad0b79dd9
Size: 606KB
Sample: 220521-aappzacgck
MD5: d1ca7f7239ef4677701d5d86d04892e9
SHA1: 532f57ccc9523b3056b894564d4a1d70e9ee69bb
SHA256: a5158fcbccbc2456a4397ca9dce8f72f9db0a1386e20f796c0138afad0b79dd9
SHA512: 9772241447615dc068ee31f64bc797a83df61fe9e00ed882e0db8f842550e518349b1aa08176a879769699e0db08c44657eacfeba555fc6342e78625c538a318
Static task: static1
Behavioral task: behavioral1
  Sample: Payment_Advise_Pdf________________________.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Payment_Advise_Pdf________________________.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: smtp.yandex.ru
  Port: 587
  Username: [email protected]
  Password: London@123456
Targets
Target: Payment_Advise_Pdf________________________.exe
Size: 544KB
MD5: eabad732131c926fa30bbc42d3d1bf18
SHA1: b71b208ae96647cbab5e02640ef0cd7be3dd7b61
SHA256: d1dd3eabe8a8a8c417efe6e7727712720eaf1ce68058734d1df6834cf654426f
SHA512: eebdf2229259a44a60f45442aee9648b991e680c1051b6d4e02499b25fff961ad644fbdeac5c4a40b5213348a1f3185562b4253eaf8b7204f770cdbdec266b1d
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext