General
Target: 40334ab1b1d7fd8436528ea19158f2e133d4e420779f84f1ee16a3d72f5ffb6a
Size: 274KB
Sample: 220521-n89dxsaaem
MD5: 06401efddb6c7058c639113aeb799d5c
SHA1: dddc8fded1a37926372504191b624849274b3eb3
SHA256: 40334ab1b1d7fd8436528ea19158f2e133d4e420779f84f1ee16a3d72f5ffb6a
SHA512: 484f0c6459ce1a45e68b1a968de5111d19f0416a2add9a4c502cbfb283121b9b5eb07fbe34ad011210416d63a98dbe344e52c07986f628be3cd785afa427f431
Static task: static1
Behavioral task: behavioral1
Sample: PO 20-S880320V8.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: PO 20-S880320V8.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: sales2u-kcom.com@yandex.com
Password: ALIbaba123
Targets
Target: PO 20-S880320V8.exe
Size: 538KB
MD5: 0dde9a7b593ec17d4715dba58e23c2d3
SHA1: 53d7d61e107b9b686693a547b1b68cf7aa10dbf3
SHA256: 8207b09240b974dbc811f65ba6ce318511c2148c22bcc73c5a35f034ae2bb7b6
SHA512: d98769f562e62f9c722f8cd3ffa839f7ed38a79d6878e61f165e34779df9810d896e1c88366ba88f417997f67e7e0dc36aa7283445fdec4d8ba08576ac4a0e6f
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext