General
- Target: yy.exe
- Size: 221KB
- Sample: 221125-j6jchadc29
- MD5: 8f7a4e536cfbd27489fb08452e37b537
- SHA1: 9a4c49ae5d320f5fb9334ecde8c02f6ef1601fba
- SHA256: 8460811722d9f13f1205ce1ef517f9c2b70043a2f96292f3fcf40d6e821d8c05
- SHA512: f81e2fab30c2116bd281da1e7db937d286a8739fcf51d11e300d17841db3055eaee6fec9cc0ea105c155b612c9f28a9dc4aa3b1b6a9d34ce2f143e030eb5cd40
- SSDEEP: 3072:dkduc/oYpWa2wlAQG1r3o261YeUWdBQsR0z7rwfKuzVHGbfWebODCsnwnq6:iB/oYxzKzZ3o26gGCsq7MZ0bfJqfn
Static task
- static1

Behavioral task
- behavioral1
  - Sample: yy.exe
  - Resource: win7-20220812-en

Behavioral task
- behavioral2
  - Sample: yy.exe
  - Resource: win10v2004-20220812-en
Malware Config

Extracted
- Protocol: smtp
- Host: smtp.leonardfood.com
- Port: 587
- Username: [email protected]
- Password: K@rimi95

Extracted (agenttesla)
- Protocol: smtp
- Host: smtp.leonardfood.com
- Port: 587
- Username: [email protected]
- Password: K@rimi95
- Email To: [email protected]
Targets
- Target: yy.exe
- Size: 221KB
- MD5: 8f7a4e536cfbd27489fb08452e37b537
- SHA1: 9a4c49ae5d320f5fb9334ecde8c02f6ef1601fba
- SHA256: 8460811722d9f13f1205ce1ef517f9c2b70043a2f96292f3fcf40d6e821d8c05
- SHA512: f81e2fab30c2116bd281da1e7db937d286a8739fcf51d11e300d17841db3055eaee6fec9cc0ea105c155b612c9f28a9dc4aa3b1b6a9d34ce2f143e030eb5cd40
- SSDEEP: 3072:dkduc/oYpWa2wlAQG1r3o261YeUWdBQsR0z7rwfKuzVHGbfWebODCsnwnq6:iB/oYxzKzZ3o26gGCsq7MZ0bfJqfn
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext