General
Target: 3a2096cd323cad2c8afa61f1a23c106d7ad83e02245ac5a30f58cd0efe9b8e75
Size: 718KB
Sample: 220521-bbndzabfd6
MD5: 3dc0592e5cd7f2d4951216d2be46a0eb
SHA1: 68c30f77cfbf327aeb2e7edfba6291199688cd75
SHA256: 3a2096cd323cad2c8afa61f1a23c106d7ad83e02245ac5a30f58cd0efe9b8e75
SHA512: 73426060a0e9c9c710d30816d2a0dd725c241f63807997a4682d789aebc316c8c123991a842bca0fa41d819596c389508e62f5b763c0e0e57ba1e931ed354f21
Static task: static1
Behavioral task: behavioral1
Sample: invoice-09985.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: invoice-09985.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: qwerty123@@
Targets
Target: invoice-09985.exe
Size: 809KB
MD5: 652b6d0f0abe5c12ace7534ab28b5ddd
SHA1: 0f0667ae46110d576a4e7205a311622b2de40eae
SHA256: 59fc064f768c985747f5680dc3f6fed9fe44a74b061c2a15437a27afb5d071a3
SHA512: a3a48dc91d1ff9923514ea64f9bdf2e5688eda5c870aeabc916755ea9e159461df1d5ec7f165c9a73aa65cb846cb77fb7bdca6c28826eddee399692866d93ae3
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext