General
-
Target
8c92564bab1246ae8ab958b6e0419bab4e79a29cdc81d91ae41d5b81244bbfd5
-
Size
391KB
-
Sample
220521-afz3wsdaeq
-
MD5
37a441410d5dd4501ac1f94b419044e4
-
SHA1
9ec480c1cf348244cca4eb645c175fe56b81997f
-
SHA256
8c92564bab1246ae8ab958b6e0419bab4e79a29cdc81d91ae41d5b81244bbfd5
-
SHA512
190ffa2507c46d8f68aa5101840230e282d2e3848af3f5e7aeb5e5312cc06637e48865a5597f16aa02658fe7b7c004f511f75f6abb593f89efc3784b1e3a4141
Static task
static1
Behavioral task
behavioral1
Sample
BL Draft and Packing list.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
BL Draft and Packing list.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.ru - Port:
587 - Username:
[email protected] - Password:
^#@&^54433333
Extracted
Protocol: smtp- Host:
smtp.yandex.ru - Port:
587 - Username:
[email protected] - Password:
^#@&^54433333
Targets
-
-
Target
BL Draft and Packing list.exe
-
Size
578KB
-
MD5
f533135fbe5aaf291f641d3365f4bbe5
-
SHA1
528c9070997e9fa82cf24b121d6a4a272f7627a9
-
SHA256
b275294485c13f167c07e4cb6d58778e9c0b4d1bf727002b947dce7138ad4312
-
SHA512
10d57da03f690855ce1b0c1930cf0a5fc4e8bc358b4790cc1eaa945e8a76991998527b5923921ffaf8a145cd96345d1b83b18c5ad6e2bcecdaf76693bb73abe6
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-