General
Target: d4b4cedca105f41ffe38fafe7e8eeeda3d30f837a96940ae3db574875e2fab89
Size: 764KB
Sample: 220521-nzeg7aeda7
MD5: 215f7e8c62558bc2813183b5e9b00e01
SHA1: 749ef1d6ac77885445ecdd2039c7bd874e85eaa4
SHA256: d4b4cedca105f41ffe38fafe7e8eeeda3d30f837a96940ae3db574875e2fab89
SHA512: f8da8166270ecb0c27dd35ce639ffb69718b744ede479cb53e1b0bc42761cf55bdff290628b55b0ecc5e36e639f9e026cd454108a8d3ab4ff38fb82790c1c13e
Static task: static1
Behavioral task: behavioral1
Sample: 9P4eCvIi4o7THCV.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 9P4eCvIi4o7THCV.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: bhupesh.patni@yandex.com
Password: stark123@@@
Targets
Target: 9P4eCvIi4o7THCV.exe
Size: 940KB
MD5: 1b94437575fd228b3889241bf4b113ef
SHA1: 274fc0971cfc0cc6132f396cf2e8165c1989f738
SHA256: f2d446378bebc1c5cb4fdd8941445bc9de335315ea90115c1db4a141155decb4
SHA512: 30cae75e59059cf9902a8d33af78a4878622ca0b5ae02d0163de6d4fb796e595c5168af86504cc19ee93020bebaa77960a72c51b6b974d0910d5d65990bb3f2c
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext