General
Target: PO#4802567411.7z
Size: 239KB
Sample: 221003-p32ybsgbhm
MD5: 3bf2031129706d94954be0661fb42077
SHA1: 610dfd75d51c49d04a0add7a050657973cdb4613
SHA256: d62b7e6e366b8017f943305ff0fe0ee8b72d0bc9c702fed753df64fee3350c90
SHA512: 114ade2dbf1c63bc21b9ed79a59305fc65ac6d44b36bcc9eb9360c563801d3eda36c657afa4fe71e53eab4fd50e32b86d5a1c7ee69ab50cf25f75839c07a1f7e
SSDEEP: 6144:4edsWth8KIe5HMmpdUJjVV/yNXSxTI64VMI8NuC2/:4edsWrUkdK5/y4FIfqI8q/
Static task: static1
Behavioral task: behavioral1
Sample: PO#4802567411.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: PO#4802567411.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: andreasconstant@yandex.com
Password: DreamChaser101
Targets
Target: PO#4802567411.exe
Size: 580KB
MD5: f9e0af58ea534e3e64ee225824abd7e8
SHA1: 11a3e3b9d90ee75f72d2b9306b96b2f23839ee3c
SHA256: 7d7157dafa1904a0d5331931d078f7058a11316863715581fa3db547198029e3
SHA512: 5dc831f1987607209eafac1038185b7bad004edc0938342ef544cdbf7668b22593d8c738858bd6c0fa41bcbe5b0ec2c4574d6979809d86875200c3aa8daf1473
SSDEEP: 6144:D//V6dz5TntnRk4cneuBW1+LTmj4cwF3OnCqX2e0G+u1Pb5upJi9qC3oqQkTm:D/d6d1TtnXSvmj4jBqX2KFBbaVCA8m
AgentTesla
Agent Tesla is a remote access trojan (RAT) and credential stealer written in Visual Basic (.NET). This sample's extracted config shows it exfiltrating over SMTP (smtp.yandex.com, port 587) using the operator's mailbox credentials listed above; the mailbox is the operator-specific indicator, the host is a public mail provider.
Accesses Microsoft Outlook profiles (harvests stored mail-client credentials)
Suspicious use of SetThreadContext (thread-context manipulation typical of process hollowing / code injection)
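Two checks a practitioner runs against a report like this one, as an added example that is not part of the sandbox output: recompute the listed hashes for a file in hand and compare them with the report, and parse the flattened "Key: value - Key: value" config run into IOCs. The hash values and the config text are copied from the report above; the parser layout, the confidence labels and the function names are this example's own assumptions.

```python
import hashlib
import re

# Hash values copied from the report above for the archive and the dropped
# executable. ssdeep is left out: hashlib has no ssdeep and the comparison
# needs the third-party ssdeep module.
REPORTED = {
    "PO#4802567411.7z": {
        "md5": "3bf2031129706d94954be0661fb42077",
        "sha1": "610dfd75d51c49d04a0add7a050657973cdb4613",
        "sha256": "d62b7e6e366b8017f943305ff0fe0ee8b72d0bc9c702fed753df64fee3350c90",
    },
    "PO#4802567411.exe": {
        "md5": "f9e0af58ea534e3e64ee225824abd7e8",
        "sha1": "11a3e3b9d90ee75f72d2b9306b96b2f23839ee3c",
        "sha256": "7d7157dafa1904a0d5331931d078f7058a11316863715581fa3db547198029e3",
    },
}

# The extracted config exactly as the report flattens it, line breaks and
# " - " separators included; embedded here (constructed input) so the parser
# runs offline.
RAW_CONFIG = """Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
andreasconstant@yandex.com - Password:
DreamChaser101"""

ALGOS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Hex digests of an in-memory blob for every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def hash_file(path: str) -> dict:
    """Same digests for a file on disk, streamed so large samples stay cheap."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(computed: dict, expected: dict) -> dict:
    """Return {algo: (expected, computed)} for each algorithm that disagrees.

    An empty dict means every hash the report lists matches; one mismatch is
    enough to say the file in hand is not the sample that was detonated."""
    return {
        algo: (want, computed.get(algo))
        for algo, want in expected.items()
        if computed.get(algo, "").lower() != want.lower()
    }


# One "Key: value" pair; the value runs until the next "Key:" token, with or
# without the " - " separator the report prints between fields.
_PAIR = re.compile(r"(\w+):\s*(\S+?)(?=\s*(?:-\s*)?\w+:|\s*$)")


def parse_extracted_config(text: str) -> dict:
    """Parse the flattened config run into {key: value} with lower-case keys."""
    flat = " ".join(line.strip() for line in text.splitlines())
    return {key.lower(): value for key, value in _PAIR.findall(flat)}


def exfil_iocs(cfg: dict) -> list:
    """Turn an SMTP exfil config into (type, value, confidence) tuples.

    The confidence labels are this example's own convention: the host is a
    public mail provider, so host:port alone also fires on legitimate Yandex
    mail users, whereas the mailbox is specific to this operator and is what
    to send to the provider's abuse desk."""
    if cfg.get("protocol", "").lower() != "smtp":
        return []
    return [
        ("smtp-host", f'{cfg["host"]}:{cfg["port"]}', "medium"),
        ("exfil-account", cfg["username"], "high"),
    ]


if __name__ == "__main__":
    cfg = parse_extracted_config(RAW_CONFIG)
    for ioc in exfil_iocs(cfg):
        print(*ioc)
    # Demonstrate the hash check on this script itself: it is not the sample,
    # so every listed algorithm comes back as a mismatch.
    print(verify(hash_file(__file__), REPORTED["PO#4802567411.exe"]))
```

Run `verify(hash_file("PO#4802567411.exe"), REPORTED["PO#4802567411.exe"])` against the real dropped file; an empty result confirms it is the detonated sample, while any mismatch means the report's behaviour and config should not be assumed to apply.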