General
-
Target
8f4aa88f9bcb1576b013a4bb0a6155f2c8a0c4e30f8e79f1567216337e0e908a
-
Size
450KB
-
Sample
220521-afgljsabe6
-
MD5
0319ab9da046c7d5368b740d93e3e01a
-
SHA1
cfdcaa2aec45be2aa5e0dbe3b030554d62393ab1
-
SHA256
8f4aa88f9bcb1576b013a4bb0a6155f2c8a0c4e30f8e79f1567216337e0e908a
-
SHA512
b7a4f05c16d985db0c8d22e12a6b25777472b1af26f0b014a9d0692c8f405a8d04196572a9179236223d60b3485fc54269121384acf995f4b3d555dc76c40486
Static task
static1
Behavioral task
behavioral1
Sample
Doc_072720206446.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Doc_072720206446.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
kelechi12
Targets
-
-
Target
Doc_072720206446.exe
-
Size
527KB
-
MD5
e4779604597264d5b3027188b7fd08fa
-
SHA1
095aca48d9e6a83bc8d327457e6b2dffdcb01afd
-
SHA256
b2755efb7d2ef6f5bc7214e4d02dbd6c48cd299f5477924501e97eee7a088b0a
-
SHA512
0c93b0a8544468548714fbdbb0545243de9462702b6fbf6a909aa3eb3ac06be0e787dc47cdb0f6ad57e6f04174d26d6339493163b0da656994a08518d51fa2af
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-