General
Target: 75abd74b3e337cd9639412cf3c13af99e2a76e1a54d029cc212f006912ce8b9d
Size: 474KB
Sample: 220521-xl893scaf5
MD5: 92ed2a9ea3a14cdabd7b53417f2715bf
SHA1: 6ae491f41e734ec909e24e9176128dbb65e942a1
SHA256: 75abd74b3e337cd9639412cf3c13af99e2a76e1a54d029cc212f006912ce8b9d
SHA512: af5e54ba058d272919c18be0cdd3eb67dc848011ba3b88da3753be2fc3ee427383481872ee4eadd7bf25a1687262cf664943b550af7cba360526093266adcac0

Static task: static1

Behavioral task: behavioral1
Sample: Hing Man PO 12000319.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: Hing Man PO 12000319.exe
Resource: win10v2004-20220414-en

Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: chuk5anderson@yandex.ru
Password: chukwudi123

Targets
Target: Hing Man PO 12000319.exe
Size: 508KB
MD5: 3df3495c4e5d1e16be4310026b04e8f9
SHA1: 07d730f54ba2558cf49c6d3309606f165111d9c6
SHA256: 889c0d28e7f3ed6a39871d3121d74f05698570e511dfc9c011c40e3fda020dcc
SHA512: 280d1e933583d4a5d01650b0b09c88bce09a29dae44b48babd88660ee82b8c6ea4c5132eff303aed8780f351cec3db2815ff253d5c7627a7936f42e42b54e191

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext