General
Target: PO#-LSE-PR009676-2021.exe
Size: 933KB
Sample: 210118-dwegg2qm9a
MD5: aef4812b8471dba97dfc509e97e5ed9b
SHA1: 6b7bb1fb291c21e4951a8705e17105d9bbc41abd
SHA256: aff05449760ff99e902971d68c62bc5b86affd5f1cb40d6c911ae4c691943bec
SHA512: 249526f6b59e542e9d002da914550a3516d07526c90b6aad1ed3a0ebc74717daa2012c58bc8aefc9f98d0c0e27186fbae99dfe7547736dd17f27072e33d25520
Static task: static1
Behavioral task: behavioral1 (Sample: PO#-LSE-PR009676-2021.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: PO#-LSE-PR009676-2021.exe, Resource: win10v20201028)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.jjfconsultores.com
Port: 587
Username: jjfconsultores@jjfconsultores.com
Password: primapolitica
Targets
Target: PO#-LSE-PR009676-2021.exe
Size: 933KB
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext