General
Target: 9a03f373483613c007111b7c308f5c748139b618e291efbb0eae60fe94c7e9a9
Size: 497KB
Sample: 220521-cx6m4shgbq
MD5: 0dc1f4f74313e225d0ecd90a38dd4649
SHA1: 5b4f6399f2168576795f46af9bb8d1d330ad8177
SHA256: 9a03f373483613c007111b7c308f5c748139b618e291efbb0eae60fe94c7e9a9
SHA512: dd662af937af409a2de22d1a153b4453c8340cd6e9fd15e538932749049b43d88d57f02461bc849fa3ab8d509f93dcb31e8e1c2e9ae2dc6701658075c43c696a
Static task: static1
Behavioral task: behavioral1
  Sample: hgytgfv.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: hgytgfv.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: mankind123
Targets
Target: hgytgfv.exe
Size: 604KB
MD5: d7cc88b0629075b10a0eb128920c1404
SHA1: 321692b3944b4659b599beffe7a38c0e12d75023
SHA256: d8803b93c59638ead5ee87768a63e35a81beed58f48b39d2d928cbc36621be1a
SHA512: 5ae6da98f8d9b1b80034954df0abfda6024e203f6f8bedfa0c8913a84c2e42c86cd31cae0eb2953c49adac247b79206fa98baef3acdbf685391c48b1a90e2b52
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext