General
Target: f1a4c33b00367486a5201d27df8eba9b82ec54de999851a9cba64264d4fc0d8f
Size: 393KB
Sample: 220521-bl4hyafbam
MD5: d0055a6ac5b801128f7b0142e0a7f2a6
SHA1: 7bb2518223ca738f12087948672580238e0e1cce
SHA256: f1a4c33b00367486a5201d27df8eba9b82ec54de999851a9cba64264d4fc0d8f
SHA512: 8f19ffdc25d1fa01ca7f912973d91202376ef3d8a49678516e229b9aa8dba88e56c1cd1cc9f18a27e35f723de6c67c98035d23d20b028a1a365f19af8c12920a
Static task: static1
Behavioral task: behavioral1
Sample: 03993003939pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 03993003939pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: chukwudi123
Targets
Target: 03993003939pdf.exe
Size: 482KB
MD5: 1de2074087987462a0c6e501e24c3cf1
SHA1: 0ba58cb71e5fa2f3ec82ea58283c93eb60200b62
SHA256: 1db03bb904f87ee598b8f59dea39f9f6d94b2d8eb8a30a2fefd202958cb1515e
SHA512: c5c60d61e72f4f82fa7076c0b9ba02e68c25b2e045a91b9fcc8e6525bbe44ed71ee03b6ad88b64865dac9eb5f949ad1c64ffd987f12a81a95734e254a979eb28
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext