General
Target: db3b9bd7d52e0d20154b8e928b0864b84e938b2ca5984cb83b2e2f51b6eec06e
Size: 655KB
Sample: 220521-m4r4eadad3
MD5: 422921d591d28469a41687b7ba87d041
SHA1: 0178407ca44ba6d4143fd856b4f2b43b4f1fdde8
SHA256: db3b9bd7d52e0d20154b8e928b0864b84e938b2ca5984cb83b2e2f51b6eec06e
SHA512: fc3e7a530f8649b8c4f7aea8a2b8bc8265391a102434699a4591ae73d67fa67fd7c5408fa71f1c3ea07cdbad5718ae556d0f8b42c2deeb8166ab0ccce9025f48
Static task: static1
Behavioral task: behavioral1
Sample: osasuna.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: osasuna.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: osasunna@yandex.com
Password: 104osayandex
Targets
Target: osasuna.exe
Size: 1.0MB
MD5: b6df5864fc6fa87ba731b8986ae5a352
SHA1: ba0315e91c131f87c832f2210239a19e802f32b9
SHA256: 757f7141daf24169ff3694cdf0247b7ce0b71c66a970837a71149a69b5b6d371
SHA512: 341f893f68cae0254576194cbc923b09d583b304f5c9132877c489e97fffd752eb3e2436ffe33ebf96a8ea979ddd4fbc27660201c6f49ff9341e74a30ce06e5a
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext