General
Target: PO.1800046306.zip
Size: 834KB
Sample: 210416-q9gg413r76
MD5: 09f0e23939b15442e313c732973e55f2
SHA1: ebc4dbf051fd5f86d01727e1f18e31c364a0bf38
SHA256: 7a56b177711cfa18bc4dd5a86a97dc14056cce17c67253f96206ac6814e71803
SHA512: e8849a9c81a673b78b0babc3d66ec81f66565351de2c44c77b02580b000e59837af26a000aeb937eb5af6c51f6df7d64cf88f43d0c19cecd20b858846341536e
Static task: static1
Behavioral task: behavioral1
  Sample: PO.1800046306.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: PO.1800046306.exe
  Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.framafilms.com
Port: 587
Username: [email protected]
Password: lister11
Targets
Target: PO.1800046306.exe
Size: 1.2MB
MD5: 8ac761c485f5058145868906d9237d96
SHA1: aadfac701ad02583888abc66abfd7b0ceb82aa88
SHA256: 712ee2c8e400db5f024878bc5296cb33f37bb6a19f17a9f68b3a194dd577a467
SHA512: d4575185541a42fa3ec0e892b9c45d574aa09683eabd28c4600d2e093ce477a43d538fef9f4f1e992cae149d7b94f5678e3f0d84411cb977bafa37fb18a7ff36
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures:
AgentTesla Payload
Drops file in Drivers directory
Adds Run key to start application
Suspicious use of SetThreadContext