General
- Target: P.O.exe
- Size: 946KB
- Sample: 210624-j48dre1ms6
- MD5: 3f83b2eccdf7eaca5c3884479720c7fd
- SHA1: 523d78694bdd9db03a2a3069a4be9cff6256f2ff
- SHA256: 6f5364b34d1b30cfcecd5200c68bb09a0fbb0a7afaf1d84d540ada8d0232dc04
- SHA512: 5f6f93fd0ed7b154c77312454813ac43f377d8d1478e1378f94875a2951e6f7484ce93a444ab68a8ddf66beb0660a49b5175efda2099621254c3c1d2b6c0d45d
Static task: static1

Behavioral task: behavioral1
- Sample: P.O.exe
- Resource: win7v20210408

Behavioral task: behavioral2
- Sample: P.O.exe
- Resource: win10v20210410
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.cavilum.cl
- Port: 587
- Username: mmardones@cavilum.cl
- Password: Cavilum4313
Targets
- Target: P.O.exe
- Size: 946KB
- MD5: 3f83b2eccdf7eaca5c3884479720c7fd
- SHA1: 523d78694bdd9db03a2a3069a4be9cff6256f2ff
- SHA256: 6f5364b34d1b30cfcecd5200c68bb09a0fbb0a7afaf1d84d540ada8d0232dc04
- SHA512: 5f6f93fd0ed7b154c77312454813ac43f377d8d1478e1378f94875a2951e6f7484ce93a444ab68a8ddf66beb0660a49b5175efda2099621254c3c1d2b6c0d45d
- Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Suspicious use of SetThreadContext