General
Target: a02c07eeb131beaefd161b50e9b5ba78ad9748fb4d1d0508736ea4f68c988fec
Size: 454KB
Sample: 220521-abn5tscgfl
MD5: 31f835a198999550e422728f6b07817b
SHA1: 5a7815235a3d7cd4da98703bebcc0960471eaa44
SHA256: a02c07eeb131beaefd161b50e9b5ba78ad9748fb4d1d0508736ea4f68c988fec
SHA512: be1547cc6c04a2711333347f3efe57bffb821dad3e909b9d4a9c8c5081cfbbc66fa57560036983da20bb531de5f3760b93cc5426f3d93253fbbd9124c2a14df3
Static task: static1
Behavioral task: behavioral1
Sample: URGENT QUOTATION.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: URGENT QUOTATION.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: chikaaka1
Targets
Target: URGENT QUOTATION.exe
Size: 508KB
MD5: dea8833080c88a64a95c32da75770f3f
SHA1: 46634b02970ee3b2691c2c77cbd5b166e3c423ef
SHA256: 3da8fe1015271b37d118f7e35569efabc9565031c4b23e0f7e6cc5319ffb2087
SHA512: bd0319161d8d509158505acf41116c4d5bb7223eac086e460d4f804102e17a9c94b2778469d06d72e78ae457b3898eda4e12752d642a874f619de855790cc326
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext