General
Target: PO452020.exe
Size: 498KB
Sample: 201109-21ne53865x
MD5: 67a7ff98422d442f326c897c61bf1ac6
SHA1: 19e9c3845f643ae990156333de2a9b260ec0ef7e
SHA256: 48cca001e16cddccecb68cb5e131caf333fb824e3e6ec0788b6e8d912fd8ef94
SHA512: a22a5dd230750ce9f6412b35f50bb9678946ef0185982fd26dcb29578819560f6861a06629ec3f0f191a0590347a53cbd027e1b00187e8f1507ff0a677adc47b
Behavioral task: behavioral1
Sample: PO452020.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: PO452020.exe
Resource: win10v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.bapipl.com
Port: 587
Username: skc@bapipl.com
Password: Bharat123
Targets
Target: PO452020.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext