General
Target: 2be9293e253be8c5057429e9a86a319db3502b7af6e96ec2b4d7f33b44303e62
Size: 505KB
Sample: 220521-pcjn3aacaq
MD5: 767c86473ab0e59d34560dafd45b29e9
SHA1: acd39fc13b3e4ebf861161001ce33ff2e6b8d5ef
SHA256: 2be9293e253be8c5057429e9a86a319db3502b7af6e96ec2b4d7f33b44303e62
SHA512: c165173deb75e3e86be4dc1f5a6feeefee40b6bcf8d7bb4716073ccd3e3bbc133ac54b7a457289bb09b2082c52d4c3e5f4809e0c686b3f83356e734878d19baf

Static task: static1

Behavioral task: behavioral1
Sample: DS T-8.501_rev 1.com (532K).exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: DS T-8.501_rev 1.com (532K).exe
Resource: win10v2004-20220414-en
Malware Config

Extracted
Family: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: mor440ney@yandex.com
Password: castor123@

Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: mor440ney@yandex.com
Password: castor123@
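The extracted configuration above is the actionable part of this report: the sample exfiltrates over SMTP to a public mail provider using a hard-coded mailbox. The following is an added example, not part of the sandbox report and not code from Agent Tesla: it parses the extractor's flattened "Protocol: smtp- Host: ... - Port: ..." line into fields, derives network indicators from it (two Suricata rules and the SMTP AUTH PLAIN token), and runs a simple endpoint check over constructed connection events. The event field names, the mail-client allowlist and the Suricata SIDs are this example's own assumptions.

```python
import base64
import re

# The flattened key/value line as the extractor prints it (values are the page's).
CONFIG_TEXT = ("Protocol: smtp- Host: smtp.yandex.com - Port: 587 - "
               "Username: mor440ney@yandex.com - Password: castor123@")

FIELDS = ("Protocol", "Host", "Port", "Username", "Password")
# Each value runs until the next "- <Field>:" marker or the end of the string, so
# a password containing spaces or dashes is captured whole instead of being split.
_FIELD_RE = re.compile(
    r"(%s):\s*(.*?)\s*(?=-\s*(?:%s):|$)" % ("|".join(FIELDS), "|".join(FIELDS)),
    re.S,
)


def parse_config(text):
    """Return {'protocol', 'host', 'port', 'username', 'password'} from the flattened line."""
    cfg = {k.lower(): v for k, v in _FIELD_RE.findall(text)}
    cfg["port"] = int(cfg["port"])
    cfg["host"] = cfg["host"].lower()
    return cfg


def auth_plain_token(cfg):
    """base64("\\0user\\0pass") as sent by SMTP AUTH PLAIN. Only visible on the wire
    when the session is not protected by TLS/STARTTLS; otherwise it is a pcap/sandbox
    indicator rather than a production IDS signature."""
    raw = b"\x00" + cfg["username"].encode() + b"\x00" + cfg["password"].encode()
    return base64.b64encode(raw).decode()


def suricata_rules(cfg, base_sid=9000000):
    """Standard Suricata syntax: DNS lookup of the exfil host, and a TLS SNI match on the
    configured port (Suricata's SMTP parser follows the STARTTLS upgrade on 587).
    SIDs are placeholders chosen for this example."""
    return [
        'alert dns any any -> any any (msg:"AgentTesla SMTP exfil host DNS lookup"; '
        f'dns.query; content:"{cfg["host"]}"; nocase; sid:{base_sid}; rev:1;)',
        f'alert tls any any -> any {cfg["port"]} (msg:"AgentTesla SMTP exfil TLS session"; '
        f'tls.sni; content:"{cfg["host"]}"; nocase; sid:{base_sid + 1}; rev:1;)',
    ]


# Processes that are expected to talk to a public SMTP submission port (assumed allowlist).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def flag_connections(cfg, events):
    """Endpoint side: any process other than a known mail client connecting to the
    configured host:port. The event shape (image, dest_host, dest_port) is assumed."""
    return [ev for ev in events
            if ev["dest_host"].lower() == cfg["host"]
            and ev["dest_port"] == cfg["port"]
            and ev["image"].rsplit("\\", 1)[-1].lower() not in MAIL_CLIENTS]


# Constructed network-connection events for illustration (not from the sandbox run).
SAMPLE_EVENTS = [
    {"image": r"C:\Users\user\Downloads\DS T-8.501_rev 1.com (532K).exe",
     "dest_host": "smtp.yandex.com", "dest_port": 587},
    {"image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "dest_host": "smtp.yandex.com", "dest_port": 587},
    {"image": r"C:\Windows\System32\svchost.exe",
     "dest_host": "smtp.yandex.com", "dest_port": 465},
]

if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print(cfg)
    print("AUTH PLAIN token:", auth_plain_token(cfg))
    for rule in suricata_rules(cfg):
        print(rule)
    for hit in flag_connections(cfg, SAMPLE_EVENTS):
        print("HIT:", hit["image"])
```

Caveat on the network rules: smtp.yandex.com is a legitimate service, so the DNS and SNI rules alone will fire in any environment where Yandex mail is used; the useful signal is the combination of that destination with a non-mail-client source process, which is what flag_connections encodes. The mailbox credentials are also worth reporting to the provider so the drop account is closed.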
Targets

Target: DS T-8.501_rev 1.com (532K).exe
Size: 543KB
MD5: b626da77489140e34c9b7fc990c91fdd
SHA1: af505cd8aec29a09573e8bd2f47d4ef4e8186e52
SHA256: c3a87e5a0c5e488d8a2be10a05c22628d6a68282cda7e001902bd2d51fc059d0
SHA512: dae4c9ef5d829fddaa8b2d3b38f4393e5d04ff59926a6937b361ff0005fc2cd140a5b6d2f7c6157ce08a6366d2e244a81d9e662a7e8181f771786f784f4af0a5
- AgentTesla
  Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET; it harvests saved credentials from the host and exfiltrates them, in this sample over SMTP using the configuration extracted above.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles (registry reads of Outlook profile and account data, where stored mail credentials live)
- Suspicious use of SetThreadContext (rewriting another process's thread context, the usual final step of process hollowing before the thread is resumed)
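The two behavioural signatures above (Outlook profile access and SetThreadContext) are what a defender can hunt for on endpoints that never reached the sandbox. The following is an added example, not part of the report and not a sandbox or EDR product's own rule: heuristic detection logic run over constructed, normalised telemetry records. It assumes a pipeline that emits process-create, process-access (with the granted access mask, as Sysmon event 10 does) and registry-access events; SetThreadContext itself is not in Sysmon telemetry, so the injection check looks for the prerequisite pattern instead, a parent opening a child it just spawned with memory-write and suspend/resume rights. The registry check only works where key reads are audited (for example a SACL on the profile key), since Sysmon logs value writes, not reads. Event field names and the process IDs are this example's assumptions.

```python
# Registry locations holding Outlook profile/account data (well-known paths);
# credential stealers such as Agent Tesla read mail credentials from these keys.
OUTLOOK_PROFILE_KEYS = (
    r"\software\microsoft\office\16.0\outlook\profiles",
    r"\software\microsoft\office\15.0\outlook\profiles",
    r"\software\microsoft\windows nt\currentversion\windows messaging subsystem\profiles",
)
# Processes expected to touch those keys (assumed allowlist for this example).
MAIL_CLIENTS = {"outlook.exe"}

# Process access rights (Win32 constants) that together let a process overwrite
# another process's image and resume it; the context rewrite follows on the thread.
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
PROCESS_SUSPEND_RESUME = 0x0800
HOLLOW_MASK = PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_SUSPEND_RESUME


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def find_outlook_profile_access(events):
    """Registry access to Outlook profile keys by anything that is not a mail client."""
    hits = []
    for ev in events:
        if ev["type"] != "registry_access":
            continue
        key = ev["key"].lower()
        if any(k in key for k in OUTLOOK_PROFILE_KEYS) and _basename(ev["image"]) not in MAIL_CLIENTS:
            hits.append((ev["pid"], ev["image"], ev["key"]))
    return hits


def find_hollowing_candidates(events, window=5.0):
    """A parent spawns a child and, within `window` seconds, opens it with write and
    suspend/resume rights. Returns (parent pid, child pid, granted access) tuples."""
    created = {}  # child pid -> (parent pid, creation timestamp)
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] == "process_create":
            created[ev["pid"]] = (ev["parent_pid"], ev["ts"])
        elif ev["type"] == "process_access":
            info = created.get(ev["target_pid"])
            if (info and info[0] == ev["source_pid"]
                    and ev["ts"] - info[1] <= window
                    and (ev["granted_access"] & HOLLOW_MASK) == HOLLOW_MASK):
                hits.append((ev["source_pid"], ev["target_pid"], hex(ev["granted_access"])))
    return hits


# Constructed telemetry for illustration (not from the sandbox run). The sample
# (pid 4012) spawns a second copy of itself and opens it with full access, then
# reads an Outlook account key; Outlook and a monitoring agent provide benign noise.
SAMPLE = r"C:\Users\user\Downloads\DS T-8.501_rev 1.com (532K).exe"
OUTLOOK = r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"
SAMPLE_EVENTS = [
    {"ts": 100.0, "type": "process_create", "pid": 4100, "parent_pid": 4012, "image": SAMPLE},
    {"ts": 100.2, "type": "process_access", "source_pid": 4012, "target_pid": 4100,
     "granted_access": 0x1FFFFF},
    {"ts": 101.0, "type": "registry_access", "pid": 4012, "image": SAMPLE,
     "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"
            r"\9375CFF0413111d3B88A00104B2A6676\00000002"},
    {"ts": 101.5, "type": "registry_access", "pid": 5200, "image": OUTLOOK,
     "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"ts": 102.0, "type": "process_access", "source_pid": 880, "target_pid": 4100,
     "granted_access": 0x1000},  # PROCESS_QUERY_LIMITED_INFORMATION only
]

if __name__ == "__main__":
    for pid, image, key in find_outlook_profile_access(SAMPLE_EVENTS):
        print(f"Outlook profile read by non-mail process {pid}: {image} -> {key}")
    for parent, child, access in find_hollowing_candidates(SAMPLE_EVENTS):
        print(f"Hollowing pattern: {parent} opened its child {child} with {access}")
```

Both checks are heuristics and need tuning: debuggers, some installers and security agents legitimately open freshly created children with broad rights, and backup or migration tools read Outlook profile keys. The combination within one process tree, as in this sample, is what justifies escalation.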