General
Target: 37293b82792be0f39b2a46ac9b30f96ef74ede85296016a2bc4aa3faf4b99a97
Size: 447KB
Sample: 220521-nflgdsdfb6
MD5: 6118acabb063e6ed771b24456ef00930
SHA1: a8aba7fc1e6d2dc46f53e35d7925112bc101d7b2
SHA256: 37293b82792be0f39b2a46ac9b30f96ef74ede85296016a2bc4aa3faf4b99a97
SHA512: bed840052fbf685bca9798980f4c556da01b637e13d9ef46d048f4d26869770573a4857a82794f755e5ef25abb1d7743fb9ab6ff01eaad4164865e70547fa4ba
Static task: static1
Behavioral task: behavioral1
Sample: Detailed.scan.report#html.img.PNG.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Detailed.scan.report#html.img.PNG.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: mobile.mailer@yandex.com
Password: qwerty123@
Targets
Target: Detailed.scan.report#html.img.PNG.exe
Size: 548KB
MD5: 1502f7e383ed875e94a7a70496ff0773
SHA1: 85d3c80733db1c0ad2718c2bc80b66acc4c52797
SHA256: a050666285b441dd6b72aa1fa6e626f51498acbfd71fbb75d9f3daa4f9802aa9
SHA512: a9062e9dbdeafc5c628dd0317c72b5733732bf9c9197187c97e0f3fcec0235650b756f526a114f0668606b14b5920f770381f273404eb34b4c2697d4adc56d78
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext