General

Target: 18c7d663d8a4a8eb4d2b1fc13a049ab9f6619616c76b21fc209e098086d8d353
Size: 420KB
Sample: 220521-pbjbxaabfj
MD5: 2b247ebcf89f401f56ce03b36398c8c9
SHA1: 353712fac73471a97890769e364da1eb215e0102
SHA256: 18c7d663d8a4a8eb4d2b1fc13a049ab9f6619616c76b21fc209e098086d8d353
SHA512: b34daf4d9f58506859c17c65ead01f1158541ebedfae2849011d04c2fcc7511f4d90e66ae3f6089e33c488984ee62154b77347047180edae7311981d312a8ba1
Static task: static1

Behavioral task: behavioral1
  Sample: Ref-no A3_RB54PKXYCNT.exe
  Resource: win7-20220414-en

Behavioral task: behavioral2
  Sample: Ref-no A3_RB54PKXYCNT.exe
  Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: petersonhouston@yandex.com
Password: faith12AB

These are the credentials of the attacker-controlled mailbox the sample logs in to (SMTP submission on port 587) in order to send stolen data; they are the exfiltration channel, not a victim's credentials. The host, port and account name are the network indicators to pivot on.
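The configuration above is printed flattened; the following Python is an example added to this page (not the sandbox's or the malware's own code) that parses it into structured fields, derives the base64 strings an SMTP AUTH LOGIN exchange would carry for that account, and flags matching sessions in a transcript. The function names, the assumption that the sample uses AUTH LOGIN, and the transcript lines are constructed for the example.

```python
"""Turn the extracted Agent Tesla SMTP config into usable indicators.

Example added to this page; names and sample data are constructed here.
"""
import base64
import re

# The extracted configuration exactly as the report prints it (flattened).
REPORT_CONFIG = (
    "Protocol: smtp- Host: smtp.yandex.com - Port: 587 - "
    "Username: petersonhouston@yandex.com - Password: faith12AB"
)


def parse_config(text):
    """Split 'Key: value - Key: value' text into a dict with lower-case keys.

    The report glues the separator to some values ("smtp-"), so after
    splitting on the next 'Key:' token each value is stripped of whitespace
    and a trailing '-'.
    """
    parts = re.split(r"\b(\w+):", text)  # ['', 'Protocol', ' smtp- ', 'Host', ...]
    cfg = {}
    for key, raw in zip(parts[1::2], parts[2::2]):
        cfg[key.lower()] = raw.strip().rstrip("-").strip()
    if "port" in cfg:
        cfg["port"] = int(cfg["port"])
    return cfg


def auth_login_tokens(cfg):
    """Base64 strings seen on the wire for SMTP AUTH LOGIN.

    Assumption: the sample authenticates with AUTH LOGIN, which sends the
    username and password as separate base64 lines. After a successful
    STARTTLS these lines are encrypted, so they are only visible to a sensor
    that inspects TLS or to the receiving mail server.
    """
    def enc(s):
        return base64.b64encode(s.encode()).decode()
    return {"username": enc(cfg["username"]), "password": enc(cfg["password"])}


def indicators(cfg):
    """Indicators a practitioner would push to network and mail-log searches."""
    return {
        "dst": f"{cfg['host']}:{cfg['port']}",
        "account": cfg["username"],
        "auth_login_username_b64": auth_login_tokens(cfg)["username"],
    }


def find_exfil_sessions(cfg, transcript):
    """Return the ids of SMTP sessions that authenticate as the exfil account.

    transcript: (session_id, direction, line) tuples, 'C' for client lines and
    'S' for server lines, as a TLS-inspecting sensor or a mail server's
    protocol log would record them. Handles both the two-step AUTH LOGIN
    exchange and the inline 'AUTH LOGIN <base64-user>' form.
    """
    token = auth_login_tokens(cfg)["username"]
    hits = set()
    for sid, direction, line in transcript:
        if direction != "C":
            continue
        line = line.strip()
        if line == token or line.upper().startswith("AUTH LOGIN ") and line.split(None, 2)[2] == token:
            hits.add(sid)
    return hits


# Constructed transcript: session s1 is the exfil login, s2 a different account.
SAMPLE_TRANSCRIPT = [
    ("s1", "S", "220 smtp.yandex.com ESMTP"),
    ("s1", "C", "EHLO WS-0412"),
    ("s1", "C", "AUTH LOGIN"),
    ("s1", "S", "334 VXNlcm5hbWU6"),  # base64("Username:")
    ("s1", "C", "cGV0ZXJzb25ob3VzdG9uQHlhbmRleC5jb20="),
    ("s1", "S", "334 UGFzc3dvcmQ6"),  # base64("Password:")
    ("s2", "C", "AUTH LOGIN " + base64.b64encode(b"joe@example.com").decode()),
]

if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG)
    print(indicators(cfg))
    print("exfil sessions:", find_exfil_sessions(cfg, SAMPLE_TRANSCRIPT))
```

Because the session is STARTTLS on 587, the AUTH lines are usually not visible on the wire; in practice the host/port pair from `indicators()` and the account name in mail-server or TLS-inspection logs are what a hunt will match on, and the base64 token only helps where the plaintext is available.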
Targets

Target: Ref-no A3_RB54PKXYCNT.exe
Size: 474KB
MD5: 066a679cbe4f8bb3d71cb651448b82a7
SHA1: 8cf0375ffb4880734e8437f72b01aee504d8599c
SHA256: 99a8b22ec655fd50aa2bdb93b05e8533ec539feeffacf592cf038a6ede299314
SHA512: 0930c59151b085f0bf9c23ba25081598033e25c6354fe6b43cdbb6f17b95f2511222fd25769355785c8539dafa961a94485e5ed3fa89aeaa6cd74213943db3ab

These hashes differ from those under General: the 420KB submission and this 474KB executable are different objects, so both sets of hashes should be tracked as indicators.
AgentTesla

Agent Tesla is a .NET remote access tool (RAT) and information stealer (early versions written in Visual Basic .NET). It harvests saved credentials from browsers and mail clients and sends them to the operator over SMTP, FTP or HTTP, which is why the extracted configuration for this sample is a mailbox login.

Signatures:
- AgentTesla Payload
- Accesses Microsoft Outlook profiles: reads stored Outlook account settings to harvest saved mail credentials
- Suspicious use of SetThreadContext: consistent with process hollowing, where the payload is written into a suspended process and the main thread's entry point is redirected before it is resumed