General
-
Target
Zamówienie.jpeg.exe
-
Size
912KB
-
Sample
221207-nzpyxsdg42
-
MD5
4048ae821a5b07c2304b6948716e92a3
-
SHA1
17e84a40e2aa69a3dd1e2a40dc98c6b67762408c
-
SHA256
23f8d47363d71390a8b62c1d34c18b4ce36eaed94f4a9cc3b741f8e028a7245c
-
SHA512
b291cb9e88ac79e7a993c4e4615e439fd10acd16f48c612a7b5e893c34bae9d5ed825be40ccee12c1957a1dd863b0936f4489eda1571950cac5d33742d72e3e0
-
SSDEEP
12288:ayQgKZ/nXt7virmWhlGLaQYISjmaxnthMpYmAExjQc27uP1A3Xz6i43yMrgQbfFT:zLtclsvj3XA9rLtDSY35vV
Static task
static1
Behavioral task
behavioral1
Sample
Zamówienie.jpeg.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Zamówienie.jpeg.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.woxi.cz
Port: 587
Username: [email protected]
Password: 88RkoRO35
Email To: [email protected]
Targets
-
-
Target
Zamówienie.jpeg.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-