General
- Target: f2ad36f6273e6c885b045f486f0718f76bf7652c15c6c5722976433aa32fb706
- Size: 690KB
- Sample: 220521-bl2z4sfbak
- MD5: 210ba84019dbf5dc89f1bcdd739e2c75
- SHA1: dbe7cdfd986fd2842b63491ef2ca39646d52ac37
- SHA256: f2ad36f6273e6c885b045f486f0718f76bf7652c15c6c5722976433aa32fb706
- SHA512: 01ba038bd32a635495837f04d6eba4db97be0b9f64e6d80e620dd66aeba930794a8222ebbf867f43ef8fc52648e2339c0a3c8de1a14407ff7de1c8cffaa00570
Static task: static1

Behavioral task: behavioral1
- Sample: EQUIP MATERIALS.exe
- Resource: win7-20220414-en

Behavioral task: behavioral2
- Sample: EQUIP MATERIALS.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: legend1234$$
Targets
- Target: EQUIP MATERIALS.exe
- Size: 881KB
- MD5: e837aefc96308f476f9c9fee984f0128
- SHA1: 4bae17624832e3c8928e4ae90a89c1868933620d
- SHA256: f83df92f9d78101b5376837923351b70eb6581d4ee2b7bf251ef8a2387177064
- SHA512: 2c4178cd76546f54578bcf40c1f1ea0fed50b0fc7056d29df4005da8e88d14828f0120dccef2acf447cc7807d3ead898db87dd7b35f5c83a16d6e52a6a7ff51c

Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext