General
- Target: 68345daaabd98b3ea68357e94f7940b4f02b81993dcf7e9f49a8a515aab3d62b
- Size: 601KB
- Sample: 220521-apfqlsdebl
- MD5: fdb92e19d87b9475ca6202985fc1526a
- SHA1: 443c63bc7d2da129a6cb2ac785bff8362ea47082
- SHA256: 68345daaabd98b3ea68357e94f7940b4f02b81993dcf7e9f49a8a515aab3d62b
- SHA512: 2d666424363d7459dea6827c61bb3fc365a81556fa09cbdc6c4debe8e73f264ac57eb5dbd2783d5650552faaace2da1bd32f535895f56ba2b2780ed59929d18f
Static task
- static1
Behavioral task
- behavioral1
  - Sample: NEW ORDER PO 30.07.20.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: NEW ORDER PO 30.07.20.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: faith12AB
Targets
- Target: NEW ORDER PO 30.07.20.exe
- Size: 771KB
- MD5: 9ed34d32a86794d0f5b88d72233569cc
- SHA1: a227da42025ed4c4a61bcb4b7b995ac868407bb2
- SHA256: 3e0f73ce13623cee18d55d11189dec1fa8d3a7fe10246f29c9124ecc752b7a30
- SHA512: 51048684a5e20932d65bd02af97ff200b55398f0fcbc23f8c78eda1a64d0a82fbd9db4c41791b6bdc79bf1fddaefaf5329caf110596c6a0767b2076d8d480df9
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext