General
Target: 9f90e8fd57a6d5aba3a7a001972de67ef6065f8d92aa0df0a8ad37be7d5e18cd
Size: 411KB
Sample: 220521-abvbvahhh7
MD5: 2d84b48add3b7b5799867a1b76076128
SHA1: fc12899375422bbbdf056f14c0e20186ce16923b
SHA256: 9f90e8fd57a6d5aba3a7a001972de67ef6065f8d92aa0df0a8ad37be7d5e18cd
SHA512: 9886bf27eb739af3eea8d0f22dd99591e5a944d1987e26af6697ea994a405aa7807b481dc510aa7862f8cb878aed0cceface99d28b0302f13d75f691376fcbc5
Static task: static1
Behavioral task: behavioral1
Sample: Signed Invoice, Shipment and Payment.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Signed Invoice, Shipment and Payment.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: HighKEY@#@@#
Targets
Target: Signed Invoice, Shipment and Payment.exe
Size: 453KB
MD5: c7a425e4de5f5e6bf65547a72db0f972
SHA1: 8899da2c5576fc11920dfede5330dc868e1b6b65
SHA256: c79e56ff3aa04021d7c99b5d638034780cafce941ff6039fb3bae407c1257e54
SHA512: 95f0202a7c9a74bfb365c28acd710b9171b69beccdcd45bc387123e98b8dfab9f398ab39b8ba2fb9e3a5a1634b37949daf5b5eaad83560c502506b6862510da3
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext