General
Target: PO 130121.exe
Size: 1.4MB
Sample: 210113-69xaklkczx
MD5: 27664fc61c532f727b436b825f2d11a1
SHA1: 401e7e15854d5806931e96d512b23721da0a5987
SHA256: d902b781f4c31773b7701752482939fc55c05a775ee69ccb86f0e085279f5ef6
SHA512: dea21a7698da9011f5a5801e4c35da4196e3b1647f820b33d5c3c299fddcabc7ee6ca9e1b45ecb2b7d91f2959c03323071b6fa242172dbfdf4e06a9587a17df6
Static task: static1
Behavioral task: behavioral1
  Sample: PO 130121.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: PO 130121.exe
  Resource: win10v20201028
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot1540891786:AAG8-WgKmkT_fgxDGLAT1i1C6rkSbgtmdzE/sendDocument
Targets
Target: PO 130121.exe
Size: 1.4MB
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops startup file
- Suspicious use of SetThreadContext