General
Target: 7ae83c10f25df9998fa8ecae09200e3b25fe729de97853083c47c27a5c9cef72
Size: 436KB
Sample: 220521-mm2xaafbgj
MD5: 940bcff4c930e282a87a5e0bf1f29516
SHA1: 29a80657eaabb328ac8ae6524258e024fb7af04a
SHA256: 7ae83c10f25df9998fa8ecae09200e3b25fe729de97853083c47c27a5c9cef72
SHA512: b302c2628996995fc46eced4c13310b311aceb18924a5725f47a0c044c42bb905d448bb60e834a19466b0a554ef4a3402b1b4345b75d4928eb7d79abb3ef446c

Static task: static1

Behavioral task: behavioral1
Sample: OVER DUE INVOICES 154084.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: OVER DUE INVOICES 154084.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: bigboy5570@@@@
Targets

Target: OVER DUE INVOICES 154084.exe
Size: 614KB
MD5: 95a1528c17e3895f2ef124f2efc48761
SHA1: 8cafe7112ade6208656219883772a5f9a9767203
SHA256: 20aade0372aaf34564a83fbe0677e52f11b22196396975150393578c8e1e6a5d
SHA512: 982eab0f1f61e184a7acb24ac5dcfef998d4556e19c2431d9239f93736e79f8fb8172b9cb7a53a61c87f3279469123d31c342e0f7c087c96d807813d6003a836

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext