General
-
Target
d110ae777c80f4cf7da27761a84ed838f62196da45d3adb51c0a97a42d4b2943
-
Size
496KB
-
Sample
220521-ex1g7schgp
-
MD5
dc9dd15fd554944134a02a1ceda61ccb
-
SHA1
8ba6a10cbc4c75476d3e3ead0ba2d3155e878f3c
-
SHA256
d110ae777c80f4cf7da27761a84ed838f62196da45d3adb51c0a97a42d4b2943
-
SHA512
80ffc4c1d18712e5876cef0b60208db81f3852050c9a404a63719f10d3debef20cb56f6c09477c1271346d539afef32a96c840fde109e99fe44d9f37b4018c96
Static task
static1
Behavioral task
behavioral1
Sample
CATALOGO RMK TRADING LTD_PDF.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
CATALOGO RMK TRADING LTD_PDF.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: princesky212
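The extracted configuration above is the most actionable artifact in this report: the stealer exfiltrates harvested credentials over authenticated SMTP to a public mail provider on port 587, so the exfil channel looks like ordinary outbound mail. The following Python is an added example, not part of the sandbox report or of the Agent Tesla sample: it parses the report's flattened "Key: value - Key: value" config layout into a structured record and then runs a simple egress check over constructed firewall log lines (the log format, the IP addresses and the `MAIL_RELAYS` allow-list are all assumptions made for the example; the redacted `[email protected]` username is kept exactly as the page shows it).

```python
import re
from dataclasses import dataclass

# Extracted config copied as the report prints it (flattened, " - " separated).
# The username is redacted on the page and is left that way here.
REPORT_CONFIG = """Protocol: smtp- Host:
smtp.yandex.ru - Port:
587 - Username:
[email protected] - Password:
princesky212"""


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_extracted_config(text: str) -> SmtpExfilConfig:
    """Parse the report's 'Key: value - Key: value' layout.

    The page breaks fields across lines and separates them with ' - '
    (or '- ' as in 'smtp- Host:'), so whitespace is normalised first and
    the string is then split on a dash that precedes a capitalised 'Key:'.
    """
    flat = " ".join(text.split())
    parts = re.split(r"\s*-\s+(?=[A-Z][a-z]+:)", flat)
    fields = {}
    for part in parts:
        key, _, value = part.partition(":")
        fields[key.strip().lower()] = value.strip()
    return SmtpExfilConfig(
        protocol=fields["protocol"],
        host=fields["host"],
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


# Constructed egress log lines (not from the report):
# "<timestamp> <src_ip> <dst_host> <dst_port> <proto>"
SAMPLE_EGRESS_LOG = """2022-05-21T10:01:02Z 10.0.5.23 smtp.yandex.ru 587 tcp
2022-05-21T10:01:05Z 10.0.5.23 update.microsoft.com 443 tcp
2022-05-21T10:02:11Z 10.0.9.10 smtp.yandex.ru 587 tcp
2022-05-21T10:03:00Z 10.0.5.40 smtp.yandex.ru 25 tcp"""

# Hypothetical set of internal hosts that are allowed to reach external SMTP.
MAIL_RELAYS = frozenset({"10.0.9.10"})


def find_suspect_smtp_egress(log: str, cfg: SmtpExfilConfig,
                             allowed_senders=frozenset()):
    """Return (src_ip, timestamp) for connections to the extracted C2
    host/port that originate from hosts not sanctioned to send mail.

    smtp.yandex.ru is a legitimate public provider, so the destination alone
    is a weak indicator; restricting on the source is what makes a hit
    worth an analyst's time.
    """
    hits = []
    for line in log.splitlines():
        ts, src, dst, port, _proto = line.split()
        if (dst.lower() == cfg.host and int(port) == cfg.port
                and src not in allowed_senders):
            hits.append((src, ts))
    return hits


if __name__ == "__main__":
    cfg = parse_extracted_config(REPORT_CONFIG)
    for src, ts in find_suspect_smtp_egress(SAMPLE_EGRESS_LOG, cfg, MAIL_RELAYS):
        print(f"{ts} {src} -> {cfg.host}:{cfg.port} (matches extracted config)")
```

Because the credentials themselves are in the config, the same record can drive a takedown/abuse report to the provider and a retroactive search of mail-gateway or proxy logs for authentication attempts with that username; the port-25 line in the sample log is deliberately not flagged, since the extracted config specifies 587 and the check stays strict to that.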
Targets
-
Target
CATALOGO RMK TRADING LTD_PDF.exe
-
Size
435KB
-
MD5
92798d1fc4b253402582c8a0048a14e2
-
SHA1
0ddcd0eead7d1914fd001cb3c3af6801610f0cc7
-
SHA256
9fd94b88b54bbf55abf870ce5e97195aee7b4424e772ea426c431c0c57917226
-
SHA512
d146bbfae33f6917345d22ce6ed5bbd3e4b00647e2c16978dfa939c10e3389e8458717c95f359c543d593ca4226ce178c7a9a147f4d3a66dfaadfa73fb82cc0f
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer that harvests stored credentials and keystrokes and exfiltrates them over channels such as SMTP, which matches the mail-server configuration extracted from this sample.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles (reads the registry keys where Outlook stores mail account settings and saved credentials; consistent with Agent Tesla's credential-harvesting behaviour)
-
Suspicious use of SetThreadContext (commonly associated with process hollowing or thread hijacking, where a loader injects code into another process and redirects a thread's entry point to it)