General
Target: 3e06a9b8cd9526c4f446f626d08c010086c48677746c8e2f80dab6a8f5e831fe
Size: 410KB
Sample: 220521-bbjqsabfd2
MD5: 503500a97ef0f4d9784e897d55792ee3
SHA1: 07ffb362203d8c5658f273c40ee7dfe5b690e60e
SHA256: 3e06a9b8cd9526c4f446f626d08c010086c48677746c8e2f80dab6a8f5e831fe
SHA512: 8b60995da6a1aab36d016e52ef1f319c0886c9d4d56a51430aef2febd61a98db24573b879a7484ec9dbd4f96183a6d3ef9a7148b678cdfc290fc1aa7d4a2c032
Static task: static1
Behavioral task: behavioral1
Sample: payment copy _7302020_PDF.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: payment copy _7302020_PDF.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: blessing2020
Targets
Target: payment copy _7302020_PDF.exe
Size: 449KB
MD5: cddcaaf646b126f8b18026f51d355137
SHA1: d28c464f2f722f7310a790e1a494e3bacd4b0364
SHA256: 0d6502ebac7f57de3c41d7077d2c613dc31f7f58bef5deb486ff0364e9ff97fe
SHA512: 09579057f193eb6a8db6cba082984d4053c09ee4e03c77ca4e352c296289e563ad3ed153d7ca0569a43a889f46b7f3d3f8df292d665ada2e6f83dd3b6853e81a
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures:
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext