General
-
Target
54da77b8fa889e9adda9570bbdeaa6767750dfe80c3105b686f0b6e664105dc5
-
Size
386KB
-
Sample
220521-athe1aagd6
-
MD5
af6d687eb2e21c5c1e398e571e66ba51
-
SHA1
81890c4f4aed2c4ab4e2dcf09d3682eb46d14dc7
-
SHA256
54da77b8fa889e9adda9570bbdeaa6767750dfe80c3105b686f0b6e664105dc5
-
SHA512
be6bb1aa3f8ea22f784c1ba243aa5c3bc6e2927ba976e3f39fa0dfdfb7dedfe26a8f1568c29fb352745cd9312b5fcf6a187881e5448cde026c569e0ce19ce2ec
Static task
static1
Behavioral task
behavioral1
Sample
Order No.505 DTD.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Order No.505 DTD.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
chukwudi123
Extracted
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
chukwudi123
Targets
-
-
Target
Order No.505 DTD.exe
-
Size
444KB
-
MD5
237cf4055624a01d2c1852e1bf3f3671
-
SHA1
e448bf4178d635b22338a412666023f7d482605d
-
SHA256
638e2506675b6963358990b817617b7269f31521a9a4ffb6745bfcbfc6366034
-
SHA512
ffbb399a54b356f075a600a1ff3eab6fd747eb1b5f8c18c2a0e16a1bf5d3b0d3cf43be4406b0581cc7349a916f86760f218261a9652fb33a796fedb76eec195b
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-