General
Target: PO-37566324756834756_XLS.exe
Size: 714KB
Sample: 201109-tmpywtgene
MD5: b56b7bea3cd94a84afa1024aea59ac6d
SHA1: 4d95aee7d7ad2463e0c5a47687057bd390df6430
SHA256: d8525b2302c08306f63aa470ca7e081dbf35669af349cd1224d1485ecff71d43
SHA512: c5791e1a79e8ca31a5ddc14d7ed7c071bfcc518d5e2a5bed8c6c1ec5d08962a3d3bf83833024d6de819d90b173eff0ad06ab0b89415990c24e17926c40f4105f
Behavioral task: behavioral1
Sample: PO-37566324756834756_XLS.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: PO-37566324756834756_XLS.exe
Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.karcek.com.tr
Port: 587
Username: info@karcek.com.tr
Password: Ahmet.6193
Targets
Target: PO-37566324756834756_XLS.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext