General
-
Target
80cec57aab0dcd1c41196a6c230bbdf0019c08e6ebf2531c0d7b4f95ed1031ea
-
Size
378KB
-
Sample
220521-pv8qxagaf6
-
MD5
c6d08fc27e652eed1362bd4bde557e8c
-
SHA1
f72e3bdbbd070a2042934dfc1d623096034028a2
-
SHA256
80cec57aab0dcd1c41196a6c230bbdf0019c08e6ebf2531c0d7b4f95ed1031ea
-
SHA512
99856de5bf50ac74ccb8016e0ba3f109af00b9c11ee51c810ddb251eae9a6a7ef89dce6b1f89847fe51ebe9126d315e5e86a0ed3d810eca50bd822961b670064
Static task
static1
Behavioral task
behavioral1
Sample
Specification Details.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Specification Details.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.mail.ru
Port: 587
Username: chibyke7@mail.ru
Password: nevergiveupsure
Targets
Target
Specification Details.exe
-
Size
413KB
-
MD5
f561e022d4f785bf725ad0de24f8dc88
-
SHA1
6eda2996d502410977790be4a6976ea7747bdf2e
-
SHA256
bd7ff9e1c774994bdb69476411ede44d9b837f4f1994bdfdf620e766d500b1a8
-
SHA512
e7b6328f9b74e07489bd1b5d9edd0163d8196ae6abd0968de6924cf548825755bccb734dca47535058c2775cf992982929a085d379b7558e3fb61d0b6e95f501
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-