General
-
Target
019c37268b08ec8bdf64efc52f889ef1cc2e39d7fd45aa69fd2d22cb27e6b581
-
Size
615KB
-
Sample
220521-xls8vscad3
-
MD5
111e194d223926906ecea780f5a7a7f5
-
SHA1
bfc289366c5824f2d9cced4d6edf88cacdb77797
-
SHA256
019c37268b08ec8bdf64efc52f889ef1cc2e39d7fd45aa69fd2d22cb27e6b581
-
SHA512
fcf7f0a6ba29e3e488363e3379a7d72ee0b95b185b47c2d509c7384dc671d683cbc0d50de4f205b3a8fa3148cc7b9cb0b941d28b2cc3496e0673f41a54fc1657
Static task
static1
Behavioral task
behavioral1
Sample
ARG 101.56-0.06 gauge.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
ARG 101.56-0.06 gauge.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
chuk5anderson@yandex.ru - Password:
chukwudi123
Extracted
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
chuk5anderson@yandex.ru - Password:
chukwudi123
Targets
-
-
Target
ARG 101.56-0.06 gauge.exe
-
Size
825KB
-
MD5
30545d17881d0c3067ebc371dffa0730
-
SHA1
d9a148bf49b3cef4c5c5ee583b4973036c86c27e
-
SHA256
777e4e952b36fb4fc429e8338b14e09de7c0e076ab7aebe944e212c8087cfe39
-
SHA512
69fefe7cdee34cc54d81e9b7214c6027666889130226388e4a9de8ac88f192f86a6e92e4eb401b25c5d001cd6625f2aa194bae92dd4a2d884c0a4332671d2833
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-