General
Target: 4b828c6ce918e6779e20b78c0c138d0fae5ddbc104a6ebf845e62f0d2f69509c
Size: 292KB
Sample: 220521-nsqxmseah2
MD5: 3ea24caab78f69feecad64c12e79e705
SHA1: 36bbc0a195a46ea07193487b1bf854d3f00a234b
SHA256: 4b828c6ce918e6779e20b78c0c138d0fae5ddbc104a6ebf845e62f0d2f69509c
SHA512: 538be31640c393a57045a889b9f0268bcbb8449ba79dde19dd5a8e010fcb2b1cc21b67af29e450635c4a393f1eb129192380c50e4039d311496a3fc66cb6cee3
Static task: static1
Behavioral task: behavioral1
  Sample: Products description.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Products description.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: sales2u-kcom.com@yandex.com
Password: JEHOVAH8899
Targets
Target: Products description.exe
Size: 600KB
MD5: b56c68fd41914e76f8b76af6619c5d37
SHA1: b52948ca29f3c6224fafde1a90c14082771b5b13
SHA256: a4da467fed5249b5013e1dc1daa882e15b94fb97ac5a3ee9c2a8abc5a7cfffc0
SHA512: b12f5351d1d59fa37faea4f7c77907f13596dceda1b2f2fe357084059f8826808572b320a8127defe8284d37d815a840cf20de1772a035bebb5110065dfeca6f
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext