General
-
Target
68b7b1331ac3e940dde690483900f34877e23da9fb8dcc891207a0d996aa58b3
-
Size
1.0MB
-
Sample
220521-n62w3ahhdr
-
MD5
04a4a9a13029581f61fdffee31f5fd08
-
SHA1
a34f23791dfdc13195b19d9157eb2708bc5f2970
-
SHA256
68b7b1331ac3e940dde690483900f34877e23da9fb8dcc891207a0d996aa58b3
-
SHA512
ccfa5c8de56ee3409365611d9e1007e87d0e1e814c8db1e7f3e7dc141a194d9fb19a62df2d374f8585494be345b98d31c42393a4f05a9c15b9978279195272ea
Static task
static1
Behavioral task
behavioral1
Sample
68b7b1331ac3e940dde690483900f34877e23da9fb8dcc891207a0d996aa58b3.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
68b7b1331ac3e940dde690483900f34877e23da9fb8dcc891207a0d996aa58b3.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: handofgod123
Targets
-
-
Target
68b7b1331ac3e940dde690483900f34877e23da9fb8dcc891207a0d996aa58b3
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-