General
Target: 79148443e4254671a974b980627cfdf60f89d9005dd062e1d6e22a228b3d2b9a
Size: 363KB
Sample: 220521-alhe2aadd7
MD5: 535a0103d63397bc38ab0e445343fb26
SHA1: b0273ec2b4862ab825677b40fe8c8302e9189cff
SHA256: 79148443e4254671a974b980627cfdf60f89d9005dd062e1d6e22a228b3d2b9a
SHA512: 06ff12604fc882b2261cc43a973afaf45d98913157e2b43d63cfaa1a6e66d263ba6158c68936fa9a18eba6fadc5134711016b209fd69db119da443fbce9292b0
Static task: static1
Behavioral task: behavioral1
  Sample: payment advice copy.image.scan01.jpg.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: payment advice copy.image.scan01.jpg.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted (agenttesla)
  Protocol: smtp
  Host: smtp.yandex.com
  Port: 587
  Username: [email protected]
  Password: qwerty123@
Extracted
  Protocol: smtp
  Host: smtp.yandex.com
  Port: 587
  Username: [email protected]
  Password: qwerty123@
Targets
Target: payment advice copy.image.scan01.jpg.exe
Size: 404KB
MD5: 951376f32a5d7407c6050cf92ef76031
SHA1: 45209c07bb060f82f002e2fbd11bf536e9cfe1e0
SHA256: 0b4b9a3ed216be7eac4a0ffa5add89024e0eab7e63ffdf1cb8e8af0e2119feac
SHA512: 367580f71245bf6891f9047bfec5108d41a094e2622eaaf4a4aab623459df03b2fcfdf13ba5da50c0b08cf3b5711638c1dd4f5336fa2ee353106fc03d6e195aa
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext