General
Target: 5e8c66834959b85b78f0c31b8357f0b2fb2bf5f769bba098ed8febb5574e16b0
Size: 368KB
Sample: 220521-arh9hsdfaq
MD5: fd674670ddc2d0db440234333ec036e4
SHA1: 4a1936d11a939eb1781fa1fd8a2c7b0180892654
SHA256: 5e8c66834959b85b78f0c31b8357f0b2fb2bf5f769bba098ed8febb5574e16b0
SHA512: 54eead7e9cb8f27b1294f4c5a6f075e67b7445f6a5fb79b8207e9e0269f34f4e765e3fb292dcdf6a7ba837d9cd6c4ccfa1b658b93d665f7c7a968f1b5f463653
Static task: static1
Behavioral task: behavioral1
Sample: DHL-#AWB130501923096.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: DHL-#AWB130501923096.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: faith12AB
Targets
Target: DHL-#AWB130501923096.exe
Size: 469KB
MD5: c786e65bb822125c54691f750699ecd0
SHA1: 9d4211a47caeedd9674453a3aa1653d4c2373c32
SHA256: 75fc0beb16fbe8af2f46d2cfcb7176af4289430516d74017d1a32cd0c37859c0
SHA512: 7a49f4599a61df76e80f99715ea10de45c664dd4ce653b53f4080e5455a0740ac97f716c33fcb72450977483eb9dcbc8f731040661fff19fe7faacc7701d3d10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext