General
- Target: documentsamm0987.exe
- Size: 471KB
- Sample: 220522-f2rljaffe6
- MD5: b758085536dfad4e777f338c502d497b
- SHA1: a70aadb52a93d6d09c2a5d765293f2e3e15e8cb7
- SHA256: 9938dfd6f77a545a4755547b7aee8b6a5cbce2063f47080ab222038e250c158e
- SHA512: c67e3687e5e04a6ae49431e995bafdb9bfd7e62a28ec1ab3b9031f3765d6328c27ea41cd9d8fe271153fb87f67faed1342c8980623463e84657bf0405dbce50f
Static task: static1
Behavioral task: behavioral1
Sample: documentsamm0987.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: documentsamm0987.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.nysainternational.in
- Port: 587
- Username: info@nysainternational.in
- Password: Bewaqoof123@
- Email To: manikandan.smartind@gmail.com
Extracted
- Protocol: smtp
- Host: mail.nysainternational.in
- Port: 587
- Username: info@nysainternational.in
- Password: Bewaqoof123@
Targets
- Target: documentsamm0987.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext