General
-
Target
e51ef4fbc559732d0161a86b48523e66ecb04a6c02013960042cd5dc533237f9
-
Size
450KB
-
Sample
220521-nzz4wsedc4
-
MD5
3418a7cb3d24851c86eba0f87c0d8c57
-
SHA1
edf3ab24dca6dc0a2a69ff744d8fc49673ee8d65
-
SHA256
e51ef4fbc559732d0161a86b48523e66ecb04a6c02013960042cd5dc533237f9
-
SHA512
da66d99a6fc0a879d62a0008af221a0db51174bc77c3cb1f6e85e19cb4286e0e773d2602df10fc76fa606b50cc6887673620377180146bd6d6ade5f6a810d3b1
Static task
static1
Behavioral task
behavioral1
Sample
Ref No.05082020.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Ref No.05082020.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: ssega2020@yandex.com
Password: T@nkTr@ns135@$^6^
Targets
-
-
Target
Ref No.05082020.exe
-
Size
891KB
-
MD5
2a29dc4d08a171d0b1029325b8d95859
-
SHA1
3594500087c54dd7730a8e85f7a3b2c33dcfae70
-
SHA256
0176edb193b6a132f2f996fd6f61f04d4b14c2064aabb7ea9995fde15d9398d4
-
SHA512
2909126aca54902662a706dad4385019298ec25651f3129d4d611a9cc7889f2e617a767a421fb2d3dcf235440aa57b9d2b549a2c139e3ae28a69fde3c81ee72e
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-