General
-
Target
68ebe4d107eff8796332f172ae68bf57c4982722f43e28812cb2b6b43e067d46
-
Size
365KB
-
Sample
220521-apcc7aaeg6
-
MD5
d1883c6e2b6f84515ab22949132b93a0
-
SHA1
293b9a7a58679d3d20d74cddc60fdfc4cbcf54e1
-
SHA256
68ebe4d107eff8796332f172ae68bf57c4982722f43e28812cb2b6b43e067d46
-
SHA512
2857f7db81d45af725bb6b61d7ade5946e89820ada56609bb086d21b6bfc2fe5cd9d35da06282c80d82a6477124f867e46ab1fab8de47ecce250d0a927442930
Static task
static1
Behavioral task
behavioral1
Sample
NEW ORDER Pl 05.08.20.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
NEW ORDER Pl 05.08.20.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: faith12AB
Targets
-
Target
NEW ORDER Pl 05.08.20.exe
-
Size
405KB
-
MD5
e6b13801043a70e1283408b45e6dc618
-
SHA1
82ca5d3abdb96b87ffdb09ee9fe4a7a26a0b6fd5
-
SHA256
6dcfdbf37b4eda93ae3466ba898d3c33170c8f10886fbf548fb82a40145caa87
-
SHA512
e5f9baf9c416d6074e121302dee5dcfbf136d1dbdf05de781d2c85cc0e581523eebd35093f2bf7fe0772a34e366d68cdc243c7a6777cc01312aea223d5e97c30
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-