General
Target: 8ca6094f26c01b9c4bff58dd951d7317030e95e65ba13570adfe1832bd06084b
Size: 878KB
Sample: 220521-afxyjaabg3
MD5: b402d072c863f2c7b44e952dcb60e8a9
SHA1: 34055f8c9fee048c8627aae3cbb09ff9981041df
SHA256: 8ca6094f26c01b9c4bff58dd951d7317030e95e65ba13570adfe1832bd06084b
SHA512: 01f5e4c891cd314052e7731a3b3ccc75bf1d35889f29ad7481a40bffa1e7ee1f2b69f15e31a42a50764d2265bbe33e0a2469272c45cc36c9d4d1ec1664324fb5
Static task: static1
Behavioral task: behavioral1
Sample: New Order 2020. PDF File.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: New Order 2020. PDF File.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: babaanu12345
Targets
Target: New Order 2020. PDF File.exe
Size: 1.1MB
MD5: 45b1298dc7a0795c366aa8facded3a93
SHA1: 3958ce94bd5c0345a8b3d7c7ad32a0b780a33efc
SHA256: aee0659a73d3ce6eaaeafcfe545290f95e8e52c3f640fca9fcdb984a17ee27c0
SHA512: 698092a1c3986e16e2a876bb5b9d296b7b2ce222c53acbd503faf5df9b5140b28d29c7837e456d8641af7b57e5118dde13e02e5eb45635c3c60284c04fa76ed9
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext