General
- Target: 421998b18243e4a5f973520d121c4c3bc2a596472a728fa4d2d658e6175df81a
- Size: 484KB
- Sample: 220521-aybs1seaan
- MD5: 543b1e566be6fc8612e0204195ba30f1
- SHA1: 986caf05f23ae3449d70a9b2454dcaa25d2d74b6
- SHA256: 421998b18243e4a5f973520d121c4c3bc2a596472a728fa4d2d658e6175df81a
- SHA512: b4a32c205b2f3d85cbabce9433b407159ea39ec9506d0fdd8f68e6e228afa3ce4eea87fce19a485aff327da4dffb40e489677d7097b3282f31a442e1c099aca7
Static task: static1
Behavioral task: behavioral1
- Sample: KAFA_item sheet_7282020_PDF.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: KAFA_item sheet_7282020_PDF.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: blessing2020
Targets
- Target: KAFA_item sheet_7282020_PDF.exe
- Size: 602KB
- MD5: 7ec820bf892a68ed5c1ff519e3719d00
- SHA1: 0f220db3b4f624c54b0b50bb507ee7adec9d56d7
- SHA256: 7f0fb6cbeb67d61d2fcf55c3e9496eee625be53db7e4e0a6321403efd9f8f7c8
- SHA512: b2d7482a91317b1469cb8151def49409de96ba272c5d4f4dd33b39d8d7844dc91f52aaa99b5bc8c9a079535d22d9e1c89ddab3e8cd4f0e0c3cf4862bd75fb354
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext