General
Target: e47baa80b0e6230baaa25fd425fedd0ccd365c6f2412795331554670ff5ea611
Size: 649KB
Sample: 220521-bmwvgsfbdm
MD5: d8625f6092b41c3dcb64b5111c0e87d9
SHA1: 3432bfe648d741b68dc66a5cc3b9838f85563044
SHA256: e47baa80b0e6230baaa25fd425fedd0ccd365c6f2412795331554670ff5ea611
SHA512: ceedf80b9471518e32f1f73d5286a2a4b3fae6ab05f10f31dc336642f89c0f01363c6d47e3fc4401fda1dbd718adfa07da3d28b23b78bc01888b0f5b313d9f83
Static task: static1
Behavioral task: behavioral1
Sample: 544755300977.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 544755300977.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: 08140480968Ju@
Targets
Target: 544755300977.exe
Size: 890KB
MD5: 43a4ff5752ddee3df016f2eb38ed8874
SHA1: 1d12ed5721f87d69c0f6f3e102d59b48605e8a7c
SHA256: 53aea080cd433c61d90184c531d36de3d0f82649579997dce665f8f3f80039dc
SHA512: 05f410f08d049ad24a7165074d6fc9aa0d479ad2d5e04cda6569d761f21ae81ef30ca24b2eb4aca9afeb1ed76fabafc6c464103c5587102c58c53fc5e87e3962
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext