General
-
Target
06de4cc259e1fab7824ccc937c5ad00fc3f316fa6080c96f0e288470125e9eb0
-
Size
459KB
-
Sample
220521-bkvjmsfaen
-
MD5
8492e75da9e24f8f3a4d9f28decfcf57
-
SHA1
ad8420eac753106a7947fb49e4c3d523ba2411ef
-
SHA256
06de4cc259e1fab7824ccc937c5ad00fc3f316fa6080c96f0e288470125e9eb0
-
SHA512
b86acddd6f42762259000e4c38da45a6dbf4e28c5ef0ac266ce7c9cadd01aacb9ffefe97e2e96e071dbf89055240b3b0c0618027c29a86bd1233af0be44559a9
Static task
static1
Behavioral task
behavioral1
Sample
Image001.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Image001.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: afoerinwa123456789
Targets
-
-
Target
Image001.exe
-
Size
871KB
-
MD5
029cd9bc58901534bff1824b73ee9c5e
-
SHA1
e68df42633607588bdae0a501bba95d8e784193d
-
SHA256
e3278b1debb150da3621ab0790c55b5ff5077a815b738c7ca8e89c5ba48dab06
-
SHA512
6802f3e48c9df7c57b0f96a1891e245f1fbffa06f656e3448c24bfaae32809422a62711dbdca16bf6f011121034e133ab68ce7fbfd1f477fc02590c934d85b9a
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-