General
-
Target
PO#4802567411.exe
-
Size
580KB
-
Sample
221003-p32ybsgbhn
-
MD5
f9e0af58ea534e3e64ee225824abd7e8
-
SHA1
11a3e3b9d90ee75f72d2b9306b96b2f23839ee3c
-
SHA256
7d7157dafa1904a0d5331931d078f7058a11316863715581fa3db547198029e3
-
SHA512
5dc831f1987607209eafac1038185b7bad004edc0938342ef544cdbf7668b22593d8c738858bd6c0fa41bcbe5b0ec2c4574d6979809d86875200c3aa8daf1473
-
SSDEEP
6144:D//V6dz5TntnRk4cneuBW1+LTmj4cwF3OnCqX2e0G+u1Pb5upJi9qC3oqQkTm:D/d6d1TtnXSvmj4jBqX2KFBbaVCA8m
Static task
static1
Behavioral task
behavioral1
Sample
PO#4802567411.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
PO#4802567411.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
andreasconstant@yandex.com - Password:
DreamChaser101
Targets
-
-
Target
PO#4802567411.exe
-
Size
580KB
-
MD5
f9e0af58ea534e3e64ee225824abd7e8
-
SHA1
11a3e3b9d90ee75f72d2b9306b96b2f23839ee3c
-
SHA256
7d7157dafa1904a0d5331931d078f7058a11316863715581fa3db547198029e3
-
SHA512
5dc831f1987607209eafac1038185b7bad004edc0938342ef544cdbf7668b22593d8c738858bd6c0fa41bcbe5b0ec2c4574d6979809d86875200c3aa8daf1473
-
SSDEEP
6144:D//V6dz5TntnRk4cneuBW1+LTmj4cwF3OnCqX2e0G+u1Pb5upJi9qC3oqQkTm:D/d6d1TtnXSvmj4jBqX2KFBbaVCA8m
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-