General
- Target: 44f3cb31cb0eaececb35e3d1bdf180b088a5e09cbddfea663c564b3913433473
- Size: 399KB
- Sample: 220521-bkn2vsfadp
- MD5: 9ff0b0923dcc50147c56205bdf91bf41
- SHA1: c199667cc8020223e080239d4111164ab8063789
- SHA256: 44f3cb31cb0eaececb35e3d1bdf180b088a5e09cbddfea663c564b3913433473
- SHA512: d6e79052e8a5f46742d197acc88fba7cbad3c2b5e84122c6685b2d2bedafec90c1a49d8ba34bf396fcaa81dff3c6eec091130b8e9236ea19b4a7a0712001f8ab
Static task: static1
Behavioral task: behavioral1
- Sample: payroll.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: payroll.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: Logmein1
Extracted
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: Logmein1
Targets
- Target: payroll.exe
- Size: 703KB
- MD5: 5d92e59673df06713a2a37f7a4fbdafc
- SHA1: c188318d7a1e6367317c5c541145241ca1afe6f9
- SHA256: 2b80556f6cd49c291e54b1f0d7d3f15664958412ea6d2c36273e356de9081966
- SHA512: 54a638bc3bb6ba6ca40a0e73e75335a2be24c3e03de293b08ce1891d617e1f123cf09ac7ea6df682ce668b47f6503fc0c882c57171b45302f1114f5c9348f55b
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext