General
Target: 8da845fdd62a85d767317c6253877f5262fe2a6e307023a508c309ee04c1bcb6
Size: 414KB
Sample: 220521-ng7e9aghbr
MD5: 9d916d2bf4fe54b1a42916e2a138c18b
SHA1: 0921c1a0e652907ce2ac01e8dc909af045a28cd7
SHA256: 8da845fdd62a85d767317c6253877f5262fe2a6e307023a508c309ee04c1bcb6
SHA512: ae8c6044fd2687176768291647d2ee7d37dfe14fc3432d25170437b7597327adf9ac45d568cd847b2cbb472c618cb005aef151b5a9957423799d9c70e4ed7b00
Static task: static1
Behavioral task: behavioral1
  Sample: Quoted INV-15BDO.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Quoted INV-15BDO.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: smtp.yandex.com
  Port: 587
  Username: dave.tecoman@yandex.com
  Password: General101
Targets
Target: Quoted INV-15BDO.exe
Size: 465KB
MD5: 80f7b4a0686c9faaa09fea53a8cf6ef1
SHA1: 362b0f651ad57931f7121fe82e1dd24895f1bdc8
SHA256: 15c527cd2c62face5cc18876f33721976457b2f0d38d02a4e80862faf428768b
SHA512: bcd14dfb51ac4526068dd67235824c2c5ef965e708f86c979f02c4032d00d6aa67ebaf2cafd25c09196f0af77ef998a5480468217e5bdd391c8c17abc6b01a09
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures:
  AgentTesla Payload
  Accesses Microsoft Outlook profiles
  Suspicious use of SetThreadContext