General
Target: 7018c77957bfa048fbc7eede4b2b2276d7ea556eb4cd0ab806cdcde40ea0a5e5
Size: 354KB
Sample: 220521-b1yw1afhdj
MD5: e5b809e6558cd17370ca956abb1389f4
SHA1: 24f054f8411678e9fc9739ef303a2c0cfa7a1f7a
SHA256: 7018c77957bfa048fbc7eede4b2b2276d7ea556eb4cd0ab806cdcde40ea0a5e5
SHA512: 5be24adbae39ad3f5eb9b001ec3b5c010727306ec277144eb7f309b2872af13d0d861673ef60e5e556b47c3f63af9533839e598d5aa7bee2dc1d044a93f4273b
Static task: static1
Behavioral task: behavioral1
Sample: Karcher FZE statement.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Karcher FZE statement.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: qwerty12345##
Targets
Target: Karcher FZE statement.exe
Size: 394KB
MD5: b5979c5b2733e419902f4a7955e915b5
SHA1: 99cb3633162c8225a8f7dc292d7b02db13f85c3e
SHA256: 103463e2a6f054957a3f580afcd7fa1020db1e3441c99f51ca36f85da1efad3a
SHA512: 9feed5f2cc2d2aa830a3208354402fcaa412ca98207436f7bfa0a65e3a2e05f775ea92ca8e5c8a1764f7dc48787315ac15f722845e5863ebd51d25756a4c2072
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext