General
Target: PO CPO_9785677-1 (ITN 095784).exe
Size: 516KB
Sample: 210727-w3zxy2nzbe
MD5: 04ce2f0ca28c875383e53ba18fab1f16
SHA1: 9b4b84d26cbf6c411ed8f4b862f3e28e4aee5a76
SHA256: ee0ce73cb38775e87e2e1e7391bd333a950027577b4bd3213422e396ba4ff3b1
SHA512: 5e24ffc2f434e228cbb14e5199520b3ab6e1cf1a73a12bfaae389bba73f82bd4c1231e0d39c17447b456f6677315c0e9bfaa41e0052e6e9a67b6db6dc8586ad3
Static task: static1
Behavioral task: behavioral1
Sample: PO CPO_9785677-1 (ITN 095784).exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: PO CPO_9785677-1 (ITN 095784).exe
Resource: win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.vivaldi.net
Port: 587
Username: frankmillloggins@vivaldi.net
Password: Amalogs21345@
Targets
Target: PO CPO_9785677-1 (ITN 095784).exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext