General
Target: e5fd3dbff62980d7f0a5abeb0f982352ba378eb76f372c3d7add7be144c61136
Size: 523KB
Sample: 220625-ebwbcschfp
MD5: eb3bb19e79139d5ff456a6bdfbf0491e
SHA1: 65264eca6544f09ffe8d4da32b99128431780e83
SHA256: e5fd3dbff62980d7f0a5abeb0f982352ba378eb76f372c3d7add7be144c61136
SHA512: 874cdeda4ca5de77aa6b5b8bb460cd87f90b9689819d92a9ba16f1519fb0d8e6b9e29ea730378d08d41402c539429c27eb057bfb6e570f942faf49eb62a2465f
Behavioral task: behavioral1
Sample: e5fd3dbff62980d7f0a5abeb0f982352ba378eb76f372c3d7add7be144c61136.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: e5fd3dbff62980d7f0a5abeb0f982352ba378eb76f372c3d7add7be144c61136.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: brightins@yandex.ru
Password: wokoma10
Targets
Target: e5fd3dbff62980d7f0a5abeb0f982352ba378eb76f372c3d7add7be144c61136
Size: 523KB
MD5: eb3bb19e79139d5ff456a6bdfbf0491e
SHA1: 65264eca6544f09ffe8d4da32b99128431780e83
SHA256: e5fd3dbff62980d7f0a5abeb0f982352ba378eb76f372c3d7add7be144c61136
SHA512: 874cdeda4ca5de77aa6b5b8bb460cd87f90b9689819d92a9ba16f1519fb0d8e6b9e29ea730378d08d41402c539429c27eb057bfb6e570f942faf49eb62a2465f
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext