General
- Target: 3b22504ec39ccba52c274ce36821b581d52baa2f8118d787eb2e7929463c07d4
- Size: 728KB
- Sample: 220521-nsx1yshbgj
- MD5: 9928dafbf1937589481134ebe1803ad9
- SHA1: 13c4901ecfef46038d5feaa70132c4dffa60855e
- SHA256: 3b22504ec39ccba52c274ce36821b581d52baa2f8118d787eb2e7929463c07d4
- SHA512: 66cc89f3fb90f4c805ef9fc0dcceeefed1c519f88bebe4ca5985265c47f40a55cfd2d985b81c4f3976cd569658a9124418fc17cc09131d5123dcd682897a8994
Static task: static1
Behavioral task: behavioral1
- Sample: TT 0020200408.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: TT 0020200408.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: smtp.yandex.ru
- Port: 587
- Username: [email protected]
- Password: elevated101
Targets
- Target: TT 0020200408.exe
- Size: 1023KB
- MD5: 0da967c54e1346beec21389b5e83cbd6
- SHA1: 94548d975fe10d7cf663b63b6bcbe822cf4407a7
- SHA256: 140079aa516d620a4adc0184f3318a5183d29692bf56c54314513bd2c3ddfd82
- SHA512: 8bd8f32dfd60502a8c2bc046bdce8acd54bcc5418a0886bd1ce7d98a636f479b8f7608cfb4bec89c985dcbccef723c89766ab295ec40f0b832d2484bd5128af4
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext