General
Target: cf863194128f139a25c094066a68be70995e6d5be58fe6a8b5a406e1b0140846
Size: 1004KB
Sample: 220521-mm7sjacaf8
MD5: 900861624b224ce89c743c4da389dee0
SHA1: b9df76cdfc5b98683f33c5a23c5b0bc826b5915b
SHA256: cf863194128f139a25c094066a68be70995e6d5be58fe6a8b5a406e1b0140846
SHA512: ccfc36f0e6c517c1b9d705227c1499865cb40b942536d7d60406f52942d8cb205254c2700b077d8f7220d57df0a95125f98e1fb04e64c20572227cf7a7de29b5
Static task: static1
Behavioral task: behavioral1
  Sample: Commecial Invoice.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Commecial Invoice.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: pauline.vostropiatova@yandex.com
Password: kaka1234@1@1
Targets
Target: Commecial Invoice.exe
Size: 1.4MB
MD5: 20bb48a4b3b4f0a778a4e0afe2dc3502
SHA1: 15d30fce8dd2e5a351df54cb3cf298417bae2ded
SHA256: be823d1cf2f6d602b91ec0b226fcb8a393f15efd519ddea975a2dfc6fa348195
SHA512: e49b554ec89ba5651bf7c8ee7b2b1285054d2d88f5b7271c258c134c3aa1e02c38a9199815539efada1dfb3d8509bd46c6bb9a4e8253e55404bbfaaba4b30f65
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext