General
Target: po.exe
Size: 898KB
Sample: 210511-ta7htac4ka
MD5: 83f6e4e71f9a6638f9caedb14934e3e6
SHA1: f7b05b5d187510060c810229155f290393fc3482
SHA256: 94c45cc52e1fdbdf80a9d376ddbbd316a81d58acc1fa677a09b755e4cff17182
SHA512: 134cfbb2aac318fde0323702cabc3270221b7870678e1f08a82513151c5fb0a984680cbc755f190c862385a25f4fbb1cfb4c9401ac344b4074e1429fe15145d2
Static task: static1
Behavioral task: behavioral1
Sample: po.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: po.exe
Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: business77.web-hosting.com
Port: 587
Username: basari@makefoods-international.com
Password: london1759
Targets
Target: po.exe
Size: 898KB
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Adds Run key to start application
Suspicious use of SetThreadContext