General
Target: 8cde1bd026d10fc978904dfba5196c57a89ecfae17103115f124fe026166861f
Size: 380KB
Sample: 220521-nrv5zaeaf5
MD5: 3662f2ea3b94dd7f8692999718107b0e
SHA1: 35624c97208f05399ee3d42a262b997669c50470
SHA256: 8cde1bd026d10fc978904dfba5196c57a89ecfae17103115f124fe026166861f
SHA512: 4ced07a016a8dcad2fef7080b64af0cca8e10e865b95a76a58bf90926528a5da5278dc0804d602d843d14fea4edc388538103e9eb327611773f5c24a4221abb3
Static task: static1
Behavioral task: behavioral1
Sample: NEW ORDER PO 16.08.20.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: NEW ORDER PO 16.08.20.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: houstondavidson@yandex.com
Password: faith12AB
These are the sample's exfiltration settings: stolen data is sent by SMTP (port 587, STARTTLS submission) through the operator-controlled mailbox above. The host, port and username are the network indicators to hunt for; the mailbox is the attacker's, not a victim's, and should be reported to the provider rather than accessed.
Targets
Target: NEW ORDER PO 16.08.20.exe
Size: 420KB
MD5: afc573b48ce1ef8521e605f27765f258
SHA1: 4ee5b477be6b24dcad5f49ec29b7a102289231b0
SHA256: 7019a5ffdc2d01d6163fa48c23124087330f367b357a6053804f5a3f7eb29b13
SHA512: ec8e610827b4cd52e28bd4aa672eb750cc7747152bcc367cf73d77d0e3966b27037fc534092f3e208735053dc80e2de177963cdcd24dde3427ffeb6fee4d352c
-
AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer written in .NET (Visual Basic).
Signatures
AgentTesla Payload
Accesses Microsoft Outlook profiles (reads stored mail-account settings, consistent with Agent Tesla's credential harvesting)
Suspicious use of SetThreadContext (commonly used to start the unpacked payload inside another process, i.e. process hollowing/injection)
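The extracted SMTP configuration above is what a responder turns into network indicators. The following Python is an added example, not part of the Triage report or of Agent Tesla: it parses the report's "Key: value - Key:" layout (with its line wraps) into a config object and scores constructed egress-proxy log lines against it. The key=value log format, the source IPs and the third-party hosts in the sample lines are all made up for the demonstration; only the config values come from the report.

```python
"""Added example: turn the SMTP exfiltration config Triage extracted from this
AgentTesla sample into network indicators and score egress log lines against
them. The log lines and the key=value log format are constructed for the demo."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# The extracted config exactly as it appears in the report (values wrap lines).
EXTRACTED_CONFIG = """Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
houstondavidson@yandex.com - Password:
faith12AB"""

# Constructed egress-proxy log lines (RFC 1918 sources, key=value fields);
# 'user' is only present where the proxy observed the SMTP AUTH identity.
LOG_LINES = [
    "ts=2022-05-21T10:02:11Z src=10.0.0.15 host=smtp.yandex.com dport=587 user=houstondavidson@yandex.com",
    "ts=2022-05-21T10:05:43Z src=10.0.0.22 host=smtp.yandex.com dport=587",
    "ts=2022-05-21T10:07:02Z src=10.0.0.31 host=smtp.office365.com dport=587 user=alice@example.test",
    "ts=2022-05-21T10:09:19Z src=10.0.0.40 host=smtp.yandex.com dport=465",
]


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(text: str) -> SmtpExfilConfig:
    """Parse the 'Key: value - Key: value' layout used in the report.

    Line wraps are collapsed first; each value runs until the next '- Key:'
    token or end of string, so values containing '.' or '@' survive intact.
    """
    flat = " ".join(text.split())
    pairs = dict(re.findall(r"(\w+):\s*(.*?)\s*(?=-\s*\w+:|$)", flat))
    return SmtpExfilConfig(
        protocol=pairs["Protocol"].lower(),
        host=pairs["Host"].lower(),
        port=int(pairs["Port"]),
        username=pairs["Username"].lower(),
        password=pairs["Password"],
    )


def _fields(line: str) -> Dict[str, str]:
    """Split a constructed key=value log line into a dict."""
    return dict(kv.split("=", 1) for kv in line.split() if "=" in kv)


def score_line(cfg: SmtpExfilConfig, line: str) -> Optional[str]:
    """Return a confidence for one log line, or None when it does not match.

    low:    any connection to the configured SMTP host (could be a real Yandex user)
    medium: host and port both match the config
    high:   the AUTH username is the operator's exfiltration mailbox
    """
    f = _fields(line)
    if f.get("host", "").lower() != cfg.host:
        return None
    if f.get("dport") != str(cfg.port):
        return "low"
    if f.get("user", "").lower() == cfg.username:
        return "high"
    return "medium"


def match_log_lines(cfg: SmtpExfilConfig, lines: List[str]) -> List[Tuple[str, str]]:
    """Return (source IP, confidence) for every line that matches the config."""
    hits = []
    for line in lines:
        conf = score_line(cfg, line)
        if conf is not None:
            hits.append((_fields(line).get("src", "?"), conf))
    return hits


if __name__ == "__main__":
    cfg = parse_config(EXTRACTED_CONFIG)
    for src, conf in match_log_lines(cfg, LOG_LINES):
        print(f"{src}\t{conf}")
```

A "medium" hit is still only a host-and-port match, which any legitimate Yandex mail user on the network would produce; the AUTH username is the discriminating indicator, and it is only visible where the proxy or mail gateway sees the submission session in the clear. The password is parsed solely to round-trip the report's fields; it is never used to connect anywhere.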