General
- Target: 4a3f260ceeff3c12b2f88d27acb8abdf1bba22a2f1f2c27d1ed27dc3680250c0
- Size: 423KB
- Sample: 220521-n8r5msegg7
- MD5: 2d7cf5b638d72aeabda84b051d5e893d
- SHA1: b42e95670565d00093ea790b275b1a054636436d
- SHA256: 4a3f260ceeff3c12b2f88d27acb8abdf1bba22a2f1f2c27d1ed27dc3680250c0
- SHA512: 73413b3e78dd801015a78d61296d65dbd5c12dcde15cd24b7d73127b3840c0c06561b8756fcba9f82b08dcab54a6338ae659cb8329b1f1f46e302a5a3c2592c6
Static task: static1
Behavioral task: behavioral1
- Sample: FINANCIAL YEAR CLOSURE MEMO.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: FINANCIAL YEAR CLOSURE MEMO.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: faith12AB
Targets
- Target: FINANCIAL YEAR CLOSURE MEMO.exe
- Size: 470KB
- MD5: 45fd3f5ffedbf5e660957adb12baf300
- SHA1: 0c607da8f0ad1fcac5b7e3576e5c9854b3b9d86b
- SHA256: 27db7e818b7e5ed14cf0f3e8e830c1892a42a23f9545cbba993c442f6dc474e6
- SHA512: f5e13d0f1c261e26f59dc1e88af110b6941f5fe85a218780864e9ccb974478ead75e4a830f4c29239e48acd6aa91431c95fa851b4b85b662b3bb725ebe5678f4
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext