General
-
Target
89305ba80e643b482b8771dc84918b169e44ba8eb5f808348666738158617e23
-
Size
410KB
-
Sample
220521-agwf4aacb5
-
MD5
12221ffdb5716c711f09bc557822f866
-
SHA1
1edd8e53f131caa8958879c163d27e4f241a1a22
-
SHA256
89305ba80e643b482b8771dc84918b169e44ba8eb5f808348666738158617e23
-
SHA512
283d19faa757e939611dc17fb88dd3a38f633ed245de15a7c0e1622eb77257e7e40191cc364c099bb553cb3fc03bbe612c3f60cd86496572aa0b069be27c5742
Static task
static1
Behavioral task
behavioral1
Sample
3454345665432_PDF.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
3454345665432_PDF.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: sample12
Targets
-
-
Target
3454345665432_PDF.exe
-
Size
453KB
-
MD5
b6ad45078bf162c1023f1abe6f5c2ee6
-
SHA1
24986c2c848710286f23dfbadffeb4cd5eda6648
-
SHA256
51161728627b1ccdf0ad9b9228e0d0e1bdaecb11530c53dcc10df9f31ec2255f
-
SHA512
929c2f81fc088dda6107892e7871653ce1b3f300f63a3e761791697e6e3b3e5f715e9b1357d6b6c71476d0c6bac063a80c826eae4453b1ee700fec4e64609cbf
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-