General
-
Target
82473594a1a5a15f9e84f162af35eaef34f0e5607e63735edeb0e2ac31aab373
-
Size
470KB
-
Sample
220521-neyekaggam
-
MD5
65632bbb23416cadf0413459c20a4f39
-
SHA1
f73df6d3e052d9bc5b651a34aca51ce591a02bd5
-
SHA256
82473594a1a5a15f9e84f162af35eaef34f0e5607e63735edeb0e2ac31aab373
-
SHA512
7d57322d847fd9d0fe87b0d245f264c580c32e320b7523f40d48979e0ca572bbb3115bab8269a9bd1c53de8a9faf5156e5e1810983257bc856d13bca9894c8a0
Static task
static1
Behavioral task
behavioral1
Sample
NEW ORDER Pl 06.08.20.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
NEW ORDER Pl 06.08.20.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: faith12AB
Targets
-
-
Target
NEW ORDER Pl 06.08.20.exe
-
Size
582KB
-
MD5
620c91bd6a1f70ede3ba074dfccb4b60
-
SHA1
255e6482473b553cdfc9636ace7c0ae052efeb6d
-
SHA256
eeb4f768e371b2ac1f885fb5f615ea391cd0272916e1d6dad21bf944c0091534
-
SHA512
cf5543df5388bbcee31b3322738325c8946bc3bfc5e18615e8bcc5e1f91003af6e2b382b75dbf651d9b037b30b11bf1e9b13c216ce52e3d6573e1295e48dd951
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-