General
Target: e99680c49f2ea363603de4ec4391332e4585d4297832a6b27713ac4d7c48251a
Size: 738KB
Sample: 220521-nqg7qaeac3
MD5: 35aa17a7d58223747d68acd4c65f0fbd
SHA1: 78fbdcc5eda68d59a6c833fb685823a4674b53eb
SHA256: e99680c49f2ea363603de4ec4391332e4585d4297832a6b27713ac4d7c48251a
SHA512: 1755fa6858d08450fd5c084947a328c4d74ebb47e1c11293f19d046f157bbedf6356b525b855586b806f75c98eb7e11448e66c188d19fc1a7fb0fdd211404138
Static task: static1
Behavioral task: behavioral1
Sample: img-602105445-0001.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: img-602105445-0001.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: Smtp.yandex.ru
Port: 587
Username: newliferay@yandex.com
Password: shawama1000
Targets
Target: img-602105445-0001.exe
Size: 1.0MB
MD5: d934ca5e00cc636794638d7aa4b7539e
SHA1: 0a16fa29a67e33cce6a6eea89e57f303edf8f44d
SHA256: f1044b4d40e2d3df5e586d5c8c58e49fa4795eed6b6afb44b506efe4319f4d0c
SHA512: 966f5b25daf21cc9363c6114b00f54d18e92e6a2724048d3e671bf4e1787338fa0e4a2690f79503c8e0a32cf06fc7e3b19c60ac5afd857304555de8bbc717366
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext