General
-
Target
cb573b58876a45479f1cfdd3b6c2a0af71d8bbd00cb072d769e90b5bec8c41f4
-
Size
1004KB
-
Sample
220521-mm661acaf6
-
MD5
7401e07465cde0469a561c792680af0a
-
SHA1
14857e4d3747f722e3be08259358c24b47eb8b86
-
SHA256
cb573b58876a45479f1cfdd3b6c2a0af71d8bbd00cb072d769e90b5bec8c41f4
-
SHA512
12f044933735fe6c1206499ffae0a33e02bfe842e162515d1dff9d4889a6836040e3920a440ac7ba5b3b681a71a6b1135e160fe88b03e9a5f0c8ad0beab8ca7d
Static task
static1
Behavioral task
behavioral1
Sample
Item list.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Item list.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected] (mailbox address obscured in the page as rendered)
Password: elevated101
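The extracted configuration is the operational payoff of this report: the sample exfiltrates stolen credentials over SMTP submission (port 587) to a mailbox the attacker controls, so the host:port pair, not the username, is what belongs in network detection. The following added example (not part of the sandbox report) parses the line-wrapped config block exactly as it appears above and then flags matching connection records; the flow records, the Zeek-style field order and the mail-relay allow-list are constructed for illustration, and "[email protected]" is kept verbatim because the page itself obscures the real mailbox.

```python
import re
from dataclasses import dataclass

# Constructed: the extracted AgentTesla SMTP block exactly as it is broken
# across lines on this report page. "[email protected]" is the page's
# own obfuscation of the mailbox name and is kept verbatim, not a real address.
CONFIG_TEXT = """\
Protocol: smtp- Host:
smtp.yandex.ru - Port:
587 - Username:
[email protected] - Password:
elevated101
"""

FIELDS = ("Protocol", "Host", "Port", "Username", "Password")


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_smtp_config(text):
    """Re-join the line-wrapped block and pull each 'Key: value' out of it.
    A value ends at the next ' - Key:' separator; the page drops the space
    before the dash after 'smtp', so the separator is matched loosely."""
    flat = " ".join(line.strip() for line in text.splitlines() if line.strip())
    found = {}
    for key in FIELDS:
        m = re.search(rf"{key}:\s*(.+?)(?=\s*-\s*[A-Z]\w+:|\s*$)", flat)
        if not m:
            raise ValueError(f"missing field {key}")
        found[key.lower()] = m.group(1)
    found["port"] = int(found["port"])
    return SmtpExfilConfig(**found)


def exfil_indicators(cfg):
    """Detection-ready facts. The credentials belong to the attacker's
    mailbox, so host:port is the indicator; the login is only a pivot hint."""
    return {
        "dst_host": cfg.host,
        "dst_port": cfg.port,
        "protocol": cfg.protocol,
        "credential_hint": f"{cfg.username} / {cfg.password}",
    }


# Constructed connection records as (src, dst_host, dst_port), Zeek-style.
SAMPLE_FLOWS = [
    ("10.0.0.15", "smtp.yandex.ru", 587),   # workstation -> attacker mailbox
    ("10.0.0.5", "smtp.yandex.ru", 587),    # the site's mail relay, expected
    ("10.0.0.15", "smtp.yandex.ru", 465),   # different port, not this config
    ("10.0.0.22", "update.example", 443),
]

# Hypothetical allow-list: hosts that legitimately speak SMTP submission.
MAIL_RELAYS = {"10.0.0.5"}


def flag_exfil_flows(cfg, flows, allowed_sources=MAIL_RELAYS):
    """Flag direct SMTP-submission connections to the configured exfil host
    from sources that have no business speaking SMTP (relays allow-listed)."""
    return [
        f for f in flows
        if f[1].lower() == cfg.host.lower()
        and f[2] == cfg.port
        and f[0] not in allowed_sources
    ]


if __name__ == "__main__":
    cfg = parse_smtp_config(CONFIG_TEXT)
    print(exfil_indicators(cfg))
    for flow in flag_exfil_flows(cfg, SAMPLE_FLOWS):
        print("suspicious SMTP submission:", flow)
```

Matching on the exact port from the config is deliberately narrow so the rule stays tied to this sample; a broader rule would alert on any workstation-originated connection to a public mail provider's submission port (587 or 465), since no ordinary endpoint should be a mail client to that host directly.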
Targets
-
-
Target
Item list.exe
-
Size
1.4MB
-
MD5
e0a4812dd1d024e13a44144c39698f24
-
SHA1
d495c940961a47fcfb95f33b541e82d494d33bcf
-
SHA256
82b1f87a19c8cc0e352e20faecffe3b4c28b188a41328f8074e66d17a19a17e9
-
SHA512
30a26d50bbd6aed2f6e6fa9b98ec6a62a1474ac6a9ef36297148086440e0b312087588d5a3f8f03183344c45706d9e222e9c6e95d727ce871e0baa868572db16
-
AgentTesla
Agent Tesla is an information-stealing remote access tool (RAT) built on .NET (originally written in Visual Basic .NET); it harvests saved credentials from browsers, mail and FTP clients and sends them out over SMTP, FTP or HTTP, which is why the extracted configuration above is a mailbox login.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles (reads the Outlook profile keys under the user's Office registry hive, where stored account credentials are kept)
-
Suspicious use of SetThreadContext (redirecting the main thread of a suspended child process to injected code, the classic process-hollowing step used to run the payload inside a trusted-looking process)
-
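The two behavioural signatures above are sequence and path checks over API activity. As an added example that is not the sandbox's own signature code, the following block implements both over a constructed API trace: the "key=value" line format, the process IDs, the host image path and the registry GUID are all hypothetical, and pid 300 is a debugger-style control case showing that a lone SetThreadContext call is not enough to fire the hollowing rule.

```python
import re

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit passed to CreateProcess

# Constructed API-trace lines (hypothetical key=value format, not the
# sandbox's real log schema). pid 100 models the behaviour the two
# signatures describe; pid 300 is a benign debugger-style control case.
SAMPLE_TRACE = """\
pid=100 api=RegOpenKeyExW path=HKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676
pid=100 api=RegQueryValueExW name=IMAP Password
pid=100 api=CreateProcessW image=C:\\example\\host.exe flags=0x4 child=200
pid=100 api=NtUnmapViewOfSection target=200
pid=100 api=WriteProcessMemory target=200 size=0x15a000
pid=100 api=SetThreadContext target=200
pid=100 api=ResumeThread target=200
pid=300 api=CreateProcessW image=C:\\example\\dbg-target.exe flags=0x0 child=400
pid=300 api=SetThreadContext target=400
pid=300 api=ResumeThread target=400
"""

TOKEN = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")
OUTLOOK_PROFILES = re.compile(r"\\Office\\[\d.]+\\Outlook\\Profiles\\", re.IGNORECASE)
HOLLOW_STAGES = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")


def parse_trace(text):
    """One dict per line; values may contain spaces, so split on the next 'key='."""
    return [dict(TOKEN.findall(line)) for line in text.splitlines() if line.strip()]


def outlook_profile_access(events):
    """Signature 'Accesses Microsoft Outlook profiles': any registry open or
    query under Office\\<version>\\Outlook\\Profiles, where mail credentials live."""
    hits = set()
    for ev in events:
        if ev.get("api", "").startswith("Reg") and OUTLOOK_PROFILES.search(ev.get("path", "")):
            hits.add(int(ev["pid"]))
    return hits


def set_thread_context_hollowing(events):
    """Signature 'Suspicious use of SetThreadContext': the same parent creates a
    child suspended, writes into it, replaces its thread context and resumes it,
    in that order. NtUnmapViewOfSection is optional (some variants skip it) and
    SetThreadContext on its own, as a debugger does it, never fires."""
    stage = {}  # (parent_pid, child_pid) -> index of the next expected stage
    hits = []
    for ev in events:
        pid = int(ev["pid"])
        api = ev.get("api")
        if api == "CreateProcessW" and int(ev.get("flags", "0"), 16) & CREATE_SUSPENDED:
            stage[(pid, int(ev["child"]))] = 0
            continue
        key = (pid, int(ev["target"])) if "target" in ev else None
        if key in stage and api == HOLLOW_STAGES[stage[key]]:
            stage[key] += 1
            if stage[key] == len(HOLLOW_STAGES):
                hits.append(key)
                del stage[key]
    return hits


def run_signatures(text):
    events = parse_trace(text)
    return {
        "Accesses Microsoft Outlook profiles": outlook_profile_access(events),
        "Suspicious use of SetThreadContext": set_thread_context_hollowing(events),
    }


if __name__ == "__main__":
    for name, result in run_signatures(SAMPLE_TRACE).items():
        print(f"{name}: {sorted(result) if result else 'no hits'}")
```

The hollowing rule keys on the (parent, child) pair and on order, not on the mere presence of the four calls, which is what keeps debuggers, JIT runtimes and crash handlers (all legitimate SetThreadContext callers) out of the alert; on a real host the same logic maps onto Sysmon event 1 (process creation) plus an ETW or EDR API trace for the memory-write and thread-context calls.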