General
Target: po.zip
Size: 815KB
Sample: 210511-wn5y6xjxne
MD5: c321a0f82f1d7835878d0cf03c5ccf5d
SHA1: 13354fa4aef394345f566437b77b6a1a2a44b0f0
SHA256: d49feb5337ce300e56e04b5a706063ba9b9ddf9f34de9bf5c599ea18ff0657e2
SHA512: 902d5c4bb605a18350fe3966efa8a053a0f36c3b0f86fdf9665ff85f84e7cab56e5695c58aa0bd0889fae5942e327b8bbd963da3e4227eb015027493dc1a3145
Static task: static1
Behavioral task: behavioral1
Sample: po.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: po.exe
Resource: win10v20210408
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: business77.web-hosting.com
Port: 587
Username: basari@makefoods-international.com
Password: london1759
Targets
Target: po.exe
Size: 898KB
MD5: 83f6e4e71f9a6638f9caedb14934e3e6
SHA1: f7b05b5d187510060c810229155f290393fc3482
SHA256: 94c45cc52e1fdbdf80a9d376ddbbd316a81d58acc1fa677a09b755e4cff17182
SHA512: 134cfbb2aac318fde0323702cabc3270221b7870678e1f08a82513151c5fb0a984680cbc755f190c862385a25f4fbb1cfb4c9401ac344b4074e1429fe15145d2
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Adds Run key to start application
Suspicious use of SetThreadContext