General
- Target: 976b86a00878956cc8d7d97fc9979862053d0e1c4ef277ebc71cf958a12bfe31
- Size: 451KB
- Sample: 220521-adkkesaag8
- MD5: 8bc526ab7b619ac865716a7acd513aa3
- SHA1: 999b4cf521e3259d6e8c4a4220d0ecc8019b4b9a
- SHA256: 976b86a00878956cc8d7d97fc9979862053d0e1c4ef277ebc71cf958a12bfe31
- SHA512: a4dfcaa43b978d9fa50e2a8b59ec0f4087859c4f77161f8bede877a65a260a8978cefa33736366268b15459a8e039f9bfbf72dde162becd513602d9748a44490
Static task: static1
Behavioral task: behavioral1
- Sample: TNT DOCUMENT.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: TNT DOCUMENT.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: chikaaka1
Targets
- Target: TNT DOCUMENT.exe
- Size: 507KB
- MD5: 75149b45dbd194d67dd279d0b322bdf8
- SHA1: 074f248b7f169d44b31dd38a348fdf08e5bad6a3
- SHA256: f61ea2b82ddad99865b46c4a79b1f0e54c7ed82389fc3bbe5e346310b47f6355
- SHA512: 5bfe7bc12f36d56eb92e7eb85229e1fd7f31503f7a25c23dd33529d77ba94d47a3110f188ce979dfaaaaefbb38b39aa73ccd7ee322569decf6c4a40e4300e31f
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext