General
Target: 7924f9c316abfbf6f7093b7400a8a630269736dda2b7bcba11f7e4e1b4fcc6ab
Size: 444KB
Sample: 220521-alen5sdchl
MD5: 2c2e24a1e9b832a86c965fa0739a81b7
SHA1: 2041bdd44ea1a7ba4b13c3166e488087ae3daca1
SHA256: 7924f9c316abfbf6f7093b7400a8a630269736dda2b7bcba11f7e4e1b4fcc6ab
SHA512: 732022e58493f70955fa0163d6176a6c2d23e23e387ffcc802e7df8a1d714217a85b96f2bce63996ac0bd0cd44bd2421a596a7719b567fbfe2b13296b0315158
These hashes describe the 444KB file as submitted; the 498KB executable that the tasks actually ran is listed under Targets with its own hashes, so use the right set when sharing indicators.
Static task: static1
Behavioral task: behavioral1
Sample: 76756-WONFT4-BTO-889769-F3.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 76756-WONFT4-BTO-889769-F3.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: 08037112075
The mailbox address survives only as the obfuscated placeholder [email protected], so it cannot be used as an indicator; the exfiltration host, port and credential value can.
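The extracted config is what a responder turns into detection. The script below is an added example, not part of the sandbox report: it parses the report's extracted-config text exactly as the page prints it (including the wrapped "smtp- Host:" run-on) and checks connection-log lines against the recovered exfiltration host. The log line layout, the list of known mail clients and the log entries themselves are constructed for the demo and are assumptions.

```python
"""Turn the report's extracted AgentTesla SMTP config into network IOCs.

Added example, not part of the sandbox report. REPORT_CONFIG reproduces the
config text as the page prints it; the log lines, their "key=value" layout
and KNOWN_MAIL_CLIENTS are constructed for this demo (assumptions).
"""
import re

REPORT_CONFIG = """Protocol: smtp- Host:
smtp.yandex.ru - Port:
587 - Username:
[email protected] - Password:
08037112075"""

# Processes expected to speak SMTP submission (587/465) on a workstation; assumption.
KNOWN_MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def parse_extracted_config(text):
    """Parse 'Key: value - Key: value' text (wrapped across lines) into a dict.

    Fields are separated by ' - ' followed by a capitalised field name; the
    regex also accepts the 'smtp- Host:' variant where the space before the
    dash was lost in extraction.
    """
    flat = " ".join(text.split())
    fields = {}
    for chunk in re.split(r"\s*-\s+(?=[A-Z][a-z]+:)", flat):
        key, sep, value = chunk.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields


def parse_log_line(line):
    """Constructed log format: '<timestamp> image=<exe> dst=<host>:<port> proto=<tcp|udp>'."""
    fields = dict(kv.split("=", 1) for kv in line.split()[1:])
    host, _, port = fields["dst"].rpartition(":")
    fields["dst_host"], fields["dst_port"] = host, int(port)
    return fields


def flag_exfil_connections(log_lines, cfg, strict_port=False):
    """Return log lines where a non-mail-client process contacts the exfil host.

    With strict_port=False every port on the configured host is flagged:
    stealers fall back to 465 or 25 when 587 is blocked, so a literal
    host:port match is brittle. strict_port=True reproduces the literal IOC.
    """
    hits = []
    for line in log_lines:
        f = parse_log_line(line)
        if f["dst_host"].lower() != cfg["host"].lower():
            continue
        if strict_port and f["dst_port"] != int(cfg["port"]):
            continue
        if f["image"].lower() in KNOWN_MAIL_CLIENTS:
            continue  # a real mail client talking to a public SMTP host is expected
        hits.append(line)
    return hits


SAMPLE_LOG = [  # constructed for the demo
    "2022-05-21T10:02:11Z image=OUTLOOK.EXE dst=smtp.yandex.ru:587 proto=tcp",
    "2022-05-21T10:02:40Z image=76756-WONFT4-BTO-889769-F3.exe dst=smtp.yandex.ru:587 proto=tcp",
    "2022-05-21T10:03:05Z image=chrome.exe dst=93.184.216.34:443 proto=tcp",
    "2022-05-21T10:03:30Z image=76756-WONFT4-BTO-889769-F3.exe dst=smtp.yandex.ru:465 proto=tcp",
]

if __name__ == "__main__":
    cfg = parse_extracted_config(REPORT_CONFIG)
    print("parsed config:", cfg)
    for hit in flag_exfil_connections(SAMPLE_LOG, cfg):
        print("exfil candidate:", hit)
```

Because smtp.yandex.ru is a public mail service, blocking the host outright causes collateral damage; the useful signal is the combination of an unexpected process image and a connection to the configured host, which is why the check keys on the process rather than on the destination alone.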
Targets
Target: 76756-WONFT4-BTO-889769-F3.exe
Size: 498KB
MD5: 6daae5b0328031444500a871282913f0
SHA1: 0e5cdd30b247a0147697bb8d0a9d102b15940e20
SHA256: f638bb071b2875d5a6c3fb4903087ad419331fad2d64f88d9a207f0e39bec984
SHA512: e739f18462ecce3cf8b9538ce6e73ca21ce8b63278db00e446602ba876ea7d76c81e600e3dbc63097a6323750118ec393cd18f3af8be87c1e6d66c16a8156d44
- AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer (its builds are commonly described as Visual Basic .NET). It harvests saved credentials from browsers, mail and FTP clients and exfiltrates them over SMTP, FTP or HTTP; the extracted config shows this sample is built for SMTP exfiltration through smtp.yandex.ru:587.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
The sample reads the Outlook profile registry keys, which is where saved mail-account settings and credentials live. This is the credential-harvesting step, not evidence that mail is being sent through Outlook.
- Suspicious use of SetThreadContext
SetThreadContext rewrites a thread's register state, including the instruction pointer. Process-hollowing (RunPE) loaders, which AgentTesla droppers commonly use, call it on the main thread of a child created with CREATE_SUSPENDED after writing the unpacked payload into that process, and then call ResumeThread. Debuggers use the same API legitimately, so treat this signature as corroborating evidence alongside a suspended child creation and cross-process memory writes rather than as conclusive on its own.
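The single-API signature above fires on every SetThreadContext call; a responder usually wants the full hollowing sequence instead. The script below is an added example, not part of the sandbox report: it matches the CreateProcess(CREATE_SUSPENDED), WriteProcessMemory, SetThreadContext, ResumeThread chain per parent/child pair in an API trace and contrasts it with the single-call rule. The Call record layout, the trace contents and the stage order are constructed for the demo and are assumptions about how a RunPE-style loader appears in a sandbox API log.

```python
"""Match a process-hollowing call sequence in an API trace.

Added example, not part of the sandbox report, which only records
'Suspicious use of SetThreadContext'. The Call layout, TRACE and the stage
order are constructed for the demo (assumptions).
"""
from dataclasses import dataclass
from typing import Optional

CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit


@dataclass
class Call:
    pid: int                      # calling process
    api: str
    target: Optional[int] = None  # target process for cross-process calls
    flags: int = 0                # creation flags for CreateProcess*


def find_hollowing(trace):
    """Return one hit per (parent, child) pair that completes the hollowing chain.

    Chain: CreateProcess*(CREATE_SUSPENDED) -> WriteProcessMemory ->
    SetThreadContext -> ResumeThread, all issued by the same parent against
    the same child. NtUnmapViewOfSection is recorded but not required,
    because many loaders overwrite the image in place without unmapping.
    """
    state = {}  # (parent, child) -> {"stage": n, "unmapped": bool}
    hits = []
    for c in trace:
        key = (c.pid, c.target)
        if c.api.startswith("CreateProcess") and c.flags & CREATE_SUSPENDED:
            state[key] = {"stage": 1, "unmapped": False}
            continue
        s = state.get(key)
        if s is None:
            continue  # no suspended child from this parent: ignore
        if c.api == "NtUnmapViewOfSection":
            s["unmapped"] = True
        elif c.api == "WriteProcessMemory" and s["stage"] == 1:
            s["stage"] = 2  # repeated writes keep the stage at 2
        elif c.api == "SetThreadContext" and s["stage"] == 2:
            s["stage"] = 3
        elif c.api == "ResumeThread" and s["stage"] == 3:
            hits.append({"parent": c.pid, "child": c.target, "unmapped": s["unmapped"]})
            del state[key]
    return hits


def setthreadcontext_callers(trace):
    """The single-API rule: every process that called SetThreadContext at all."""
    return {c.pid for c in trace if c.api == "SetThreadContext"}


TRACE = [  # constructed for the demo
    Call(1200, "CreateProcessW", target=1300, flags=CREATE_SUSPENDED),
    Call(1200, "NtUnmapViewOfSection", target=1300),
    Call(1200, "VirtualAllocEx", target=1300),
    Call(1200, "WriteProcessMemory", target=1300),
    Call(1200, "WriteProcessMemory", target=1300),
    Call(1200, "SetThreadContext", target=1300),
    Call(1200, "ResumeThread", target=1300),
    # debugger-like caller: SetThreadContext on a child it neither created
    # suspended nor wrote into, so the sequence rule should stay quiet
    Call(2000, "CreateProcessW", target=2100, flags=0),
    Call(2000, "SetThreadContext", target=2100),
]

if __name__ == "__main__":
    print("single-API rule flags:", sorted(setthreadcontext_callers(TRACE)))
    print("sequence rule flags:", find_hollowing(TRACE))
```

On the constructed trace the single-call rule flags both processes while the sequence rule flags only the hollowing parent, which is the practical difference between a sandbox hint and a detection you can page on.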