General
-
Target
a4379f53c4b2a0995cd11c245f03ce84208e9362af94bad159a8279cf0168705
-
Size
434KB
-
Sample
220521-bka51abhh4
-
MD5
28a4b83a6ceb1178ade3707149791dd7
-
SHA1
f8094250292cd871f874bb0ace8b414984968097
-
SHA256
a4379f53c4b2a0995cd11c245f03ce84208e9362af94bad159a8279cf0168705
-
SHA512
e61184aee4c6216ee6687144bc66e2325d8301bd01e9eb62f6dd0f9155e6ac1c91a3f251a1f5dae9aa7518008b7df8ecac6edfa3bd7a2449f5f902b0b4e7bd9e
Static task
static1
Behavioral task
behavioral1
Sample
DOC MSK 001.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
DOC MSK 001.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: myhp6000
Targets
-
Target
DOC MSK 001.exe
-
Size
699KB
-
MD5
00486dd730b7d2ca4ea9461570d49613
-
SHA1
2916b77cca74c98993428b5d45b4ed098bc665c5
-
SHA256
c9063fa583abaaedb50e31211b67ba87ae17f57176e15db0bef6a0b1a9678243
-
SHA512
2824c7f72e9e1d5651e5072f29d41af26665a68fb51e8730ac6d89c80748be4a116170f37ac0fa2090fa95002d8f5987dbcbf4c2c1f45a994c99d265c95ce4f7
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext