General
Target: 7cca2cdb8aeeb9579fc7d30c807f5e26b97874a7258268419985f737cb641983
Size: 373KB
Sample: 220521-akf6ksadb4
MD5: f41243300462a94154e72dfa1c8a82ff
SHA1: 4b0dafe6554976c10c1be5924b1bf73d4f23341b
SHA256: 7cca2cdb8aeeb9579fc7d30c807f5e26b97874a7258268419985f737cb641983
SHA512: 74ad54755ae251582e6a22f4769139af141deccefba14df70a676256e9a7525397ae0123436212e7ae6c38ec0020e73a8a98ae60c3beb6e9aa403a07c850db8e
Static task: static1
Behavioral task: behavioral1
Sample: Download_Tracking_Refrence.16.07.2020.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Download_Tracking_Refrence.16.07.2020.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: mosque10
Targets
Target: Download_Tracking_Refrence.16.07.2020.exe
Size: 565KB
MD5: 55d1554ca5fcc707f74a8a15946f08d9
SHA1: 233f06592311d61cace26f9d7030380a701c5c83
SHA256: 2a17b047f38d7cb38cea7210f175bf60a6c595c2f4aff83a0be1af43331010b3
SHA512: 968a6a80df0fe6e87e402a0fd691220ef8a8dea75d920a03e8c3746b6bd125a330c91fe5e8f5c41774df3a794063e7f52a96011f7f46b9413b8b48a71a9441a0
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext