General
Target: 08b65490b006f4fc37d5c72b609d67590fa8b13597e89c1708704f0f4a3b2cd1
Size: 468KB
Sample: 220521-mznv7acgc7
MD5: 94778a0761e55abf2fba5fcc54ba9c0b
SHA1: c1e79b0a1c2ff8b1d73bd2b92dccf9b6b6b5c951
SHA256: 08b65490b006f4fc37d5c72b609d67590fa8b13597e89c1708704f0f4a3b2cd1
SHA512: 3c3dd5d25e44eb5cda2029bca47dcb1ccb75383e9a37c33e6c367f12a30c5500b8e5b503fde6695d9250b585060c251bb069237c398918db47a4dec759e24e5d
Static task: static1
Behavioral task: behavioral1
  Sample: wzzy334.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: wzzy334.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.totallyanonymous.com
Port: 587
Username: [email protected]
Password: 186s509N
Targets
Target: wzzy334.exe
Size: 735KB
MD5: d689a22a87237998ab61ccab05a5eab0
SHA1: b3d175e2611c5eac44610efffb72cf7ef5fbe138
SHA256: 86e5796ae957a22f0b55caae1fee9af102cea6e31fca38e4334a50f0b5e57971
SHA512: 1775cd1be726b84089c9bced1a4c6ca79cac4aba9ce7ebc47bf545a4b49abd7b04c48853c18624fbdca3eee9158f8bd111890adda9b7c2e24a648d3c000a94be

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext