General
-
Target
e0051accbbfeeca8279f9de3e36d284346de15ce28bcdcc707542ee614046d06
-
Size
487KB
-
Sample
220521-n837xaaadq
-
MD5
a06b6eb93c99815ab73d6fbaceb59ae3
-
SHA1
e145826eed3e0f4d1cd5246df61626bb44eed297
-
SHA256
e0051accbbfeeca8279f9de3e36d284346de15ce28bcdcc707542ee614046d06
-
SHA512
2e2017bd61785ba2aea8884a6d5a2d09b2a16b1ed16414b62f2e8553668ef5a85d5ab8e029d88190b7d967527175a970fead017cd284b1ae554277fb4935a5f9
Static task
static1
Behavioral task
behavioral1
Sample
Industrial machine quote.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Industrial machine quote.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
victormuller10@yandex.com - Password:
Mummy212
Extracted
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
victormuller10@yandex.com - Password:
Mummy212
Targets
-
-
Target
Industrial machine quote.exe
-
Size
522KB
-
MD5
41615850b17ff0e5c9ea11e7b26e4ef2
-
SHA1
f9aea47b955a88f08082aea6e5e86bc9561fef89
-
SHA256
4664b88274ef7c903d7eb7c18ab51ba8109640210334f648d696afcecf935ddd
-
SHA512
d0ac0663f4293e1bddd7fc0c7964e51f2d3dde6e9b05d551fd85ef4103662b1dfb538823d30488b7aa0034de12bf309e01c06975515fbf3ed3462d80c8c08a1e
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-