General
Target: d6e0b3dc2f7196964e85cd6ae5b93b47c5d8e02f66030ca9070180bf0967a86e
Size: 435KB
Sample: 220521-nz6axaedd2
MD5: ad02e0d00a9be0129d10aef722162196
SHA1: 4a2fd3cbbe1ffa21be4be730865ac3488e591f9a
SHA256: d6e0b3dc2f7196964e85cd6ae5b93b47c5d8e02f66030ca9070180bf0967a86e
SHA512: fc0f27da62a2c7ca2fc9ac29fd364280e6d56945ecb0691e19873b1eacb511e4866f0778d606a68f315e7f2248e5d764eb46f15a1a2c5d3271c5fcd73e113774
Static task: static1
Behavioral task: behavioral1
Sample: PO.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: PO.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: f.grac3@yandex.ru
Password: AMBITION123@@@
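The extracted configuration is the operator's exfiltration mailbox: AgentTesla sends harvested credentials and keystrokes out over SMTP, so the host, port and username above are the actionable indicators, together with the payload hashes. The following Python is an added example, not part of this report or of AgentTesla, that turns those indicators into a check over endpoint network telemetry. The key=value log format and every log line in it are constructed for the demonstration; in a real deployment the same logic would read Sysmon network-connection events or Zeek conn/smtp logs instead. The password is deliberately left out of the rule, since host, port and username identify the mailbox without storing the secret in detection content.

```python
"""Match the SMTP exfiltration config extracted from this AgentTesla sample
against endpoint network telemetry.

Added example, not part of the Triage report or of AgentTesla. The log
format and the sample log lines are constructed for the demonstration.
"""
import re

# Indicators taken from the report (password intentionally omitted).
AGENTTESLA_SMTP_CONFIG = {
    "host": "smtp.yandex.ru",
    "port": 587,
    "username": "f.grac3@yandex.ru",
}

# SHA256 of the submitted sample and of the extracted PO.exe, from the report.
KNOWN_SHA256 = {
    "d6e0b3dc2f7196964e85cd6ae5b93b47c5d8e02f66030ca9070180bf0967a86e",
    "26f426fd4ff119e8830681f0692ff3b627f6c5a0d8905c2ca07b6b4298e07f95",
}

# Constructed telemetry: one timestamp followed by key=value fields. WS-042 is
# the infected host; WS-017 is a legitimate Yandex mail user (benign noise).
SAMPLE_LOG = """\
2022-05-21T10:02:13Z host=WS-042 event=net_connect proc=PO.exe sha256=26f426fd4ff119e8830681f0692ff3b627f6c5a0d8905c2ca07b6b4298e07f95 dst=smtp.yandex.ru dport=587
2022-05-21T10:02:14Z host=WS-042 event=smtp_auth proc=PO.exe dst=smtp.yandex.ru dport=587 user=f.grac3@yandex.ru
2022-05-21T10:05:40Z host=WS-017 event=net_connect proc=outlook.exe sha256=0000000000000000000000000000000000000000000000000000000000000000 dst=smtp.yandex.ru dport=587
2022-05-21T10:06:02Z host=WS-017 event=smtp_auth proc=outlook.exe dst=smtp.yandex.ru dport=587 user=alice@example.com
2022-05-21T10:07:00Z host=WS-099 event=net_connect proc=chrome.exe sha256=1111111111111111111111111111111111111111111111111111111111111111 dst=example.com dport=443
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split a constructed log line into a dict of its key=value fields."""
    fields = dict(KV_RE.findall(line))
    fields["ts"] = line.split(" ", 1)[0]
    return fields


def classify(fields, cfg=AGENTTESLA_SMTP_CONFIG):
    """Return a list of (severity, reason) findings for one parsed event."""
    findings = []

    # Hash match against the report's payloads: high confidence on its own.
    sha = fields.get("sha256", "").lower()
    if sha in KNOWN_SHA256:
        findings.append(("high", "known AgentTesla payload hash"))

    to_exfil_host = (
        fields.get("dst", "").lower() == cfg["host"]
        and fields.get("dport") == str(cfg["port"])
    )
    event = fields.get("event")

    if event == "smtp_auth" and fields.get("user", "").lower() == cfg["username"]:
        # The operator's mailbox is unique to this campaign: strongest signal.
        findings.append(("high", "SMTP AUTH with extracted exfiltration credential"))
    elif event == "net_connect" and to_exfil_host:
        # smtp.yandex.ru is a public mail provider, so the host:port pair alone
        # only merits a low-severity lead, to be joined with process context.
        findings.append(("low", "outbound SMTP to extracted exfiltration host"))

    return findings


def scan(log_text):
    """Run classify() over every line; return a flat list of alert dicts."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        fields = parse_line(line)
        for severity, reason in classify(fields):
            alerts.append({
                "ts": fields["ts"],
                "host": fields.get("host"),
                "proc": fields.get("proc"),
                "severity": severity,
                "reason": reason,
            })
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Run as is, the scan flags both WS-042 events as high (hash match and credential match) and leaves the WS-017 Outlook user at a single low-severity lead, which is the distinction a SOC needs when the exfiltration host is a shared public mail service.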
Targets
Target: PO.exe
Size: 821KB
MD5: 6ad7e4bc5d99826179adc6ae6092bfd2
SHA1: 81828997adf72f09b853005e5088690a89b66e2c
SHA256: 26f426fd4ff119e8830681f0692ff3b627f6c5a0d8905c2ca07b6b4298e07f95
SHA512: a7a307b8f48e53fdd762942fe8cd75c5d90d21a249998ffa1ff49d6230e98415f60df84e30338d9dc8e68e7f142ebaf69113627e6231effd23242e3d1ebb6f6b
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic .NET; it exfiltrates harvested data over SMTP, FTP or HTTP, here via the SMTP account in the extracted config.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext