General
Target: 8d269f4ffb0f0218044445de27e14776726fc1b6e77b8361257ece1ed169bdfe
Size: 506KB
Sample: 220521-afvheaabf8
MD5: fe58dd0b1977da5eccb649c2c01a26e7
SHA1: 55640d6f18b7e43f9a6c2dbe3dfd7f570ceaec03
SHA256: 8d269f4ffb0f0218044445de27e14776726fc1b6e77b8361257ece1ed169bdfe
SHA512: 4837d149460b4bbd98fee740156915b22326884c77430081a2321242cb42734fda039da785ec4f5b89b75c26c6542b0e4c21a600dd3c4b5f3665fc118029376c
Static task: static1
Behavioral task: behavioral1
Sample: AWB.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: AWB.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: pmoneyboy994
Targets
Target: AWB.exe
Size: 756KB
MD5: 0e85e95b85652959045845f782769554
SHA1: b8b037b50ca8f99d114d6fa18696c56bcd2e296f
SHA256: e06678f901a62946c8efbb77629b9af98d52bba1c8c39e509c4ac31081ea3486
SHA512: 2008857cdb23eb9cfb86c532f5a31dbfb1606277de3415d6faaa1afaf58843aec9caf6d07eb86a412c57544a62a99da86db7ade7737b7e0952e32694a1e7ae25
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext