General

Target: PO PJS-4000079.rar
Size: 432KB
Sample: 211019-l1p9zaffb9
MD5: 1524197a480ec0c68e0da5650ba2b985
SHA1: 08e27f4e32ab766ec83eba4046b3ee4245224c80
SHA256: 8b0602c0bf8e415205306228568eca2da486f3ddee6cc6b6081718f712c49ae9
SHA512: 0acf10b20ec31d8f8177cd7d30f858179f42c546d80a4c7ca2a85e2d90d5f99a554ea93e34b07f5c5da8091f92646d336488c1ce0ec1a78c364abae8a2c4e211
Static task: static1

Behavioral task: behavioral1
Sample: PO PJS-4000079.exe
Resource: win7-en-20211014

Behavioral task: behavioral2
Sample: PO PJS-4000079.exe
Resource: win10-en-20211014
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.medicare-equipment.com
Port: 587
Username: [email protected]
Password: AllTheBest777
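The extracted configuration is the actionable part of this report: the host and port are the exfiltration endpoint, and the credentials belong to the collection mailbox the stealer logs in to (they are indicators, not something to authenticate with). The following is an added example, not part of the Triage report, that parses the report's flattened "Key: value - Key: value" config text into an IOC record and runs it over a few constructed DNS and connection log lines (the log format and every log line are made up for the example):

```python
"""Turn the extracted AgentTesla SMTP config into IOCs and match them
against network logs. Added example; log lines below are constructed."""
import re

# Verbatim copy of the report's extracted config, including the flattened
# "key: value - key: value" layout the report page uses.
CONFIG_TEXT = """Protocol: smtp- Host:
mail.medicare-equipment.com - Port:
587 - Username:
[email protected] - Password:
AllTheBest777"""

CONFIG_KEYS = ("Protocol", "Host", "Port", "Username", "Password")

# Constructed log lines in a simple "<ts> <kind> k=v k=v" format (not a real
# sensor format): one DNS lookup and three outbound connections.
LOG_LINES = [
    "2021-10-19T12:00:01Z dns query=mail.medicare-equipment.com src=10.0.0.5",
    "2021-10-19T12:00:02Z conn src=10.0.0.5 dst=mail.medicare-equipment.com dport=587 proto=tcp",
    "2021-10-19T12:00:03Z conn src=10.0.0.5 dst=outlook.office365.com dport=587 proto=tcp",
    "2021-10-19T12:00:04Z conn src=10.0.0.7 dst=mail.medicare-equipment.com dport=443 proto=tcp",
]


def parse_agenttesla_config(text: str) -> dict:
    """Parse the flattened config into {'protocol': ..., 'host': ..., 'port': int, ...}.

    Values are whatever sits between one known key and the next, with the
    " - " separators the page inserted stripped off.
    """
    flat = " ".join(text.split())  # rejoin the wrapped lines
    key_re = re.compile(r"\b(%s):" % "|".join(CONFIG_KEYS))
    matches = list(key_re.finditer(flat))
    cfg = {}
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(flat)
        value = flat[m.end():end].strip().rstrip("-").strip()
        cfg[m.group(1).lower()] = value
    cfg["port"] = int(cfg["port"])
    return cfg


def find_exfil_activity(cfg: dict, lines: list) -> list:
    """Return (line, reason) pairs for log lines touching the exfil host.

    A connection to the host on the configured port is the exfil channel
    itself; a connection on another port is still worth a look because the
    host is attacker-controlled infrastructure.
    """
    hits = []
    for line in lines:
        parts = line.split()
        kind = parts[1]
        fields = dict(p.split("=", 1) for p in parts[2:])
        if kind == "dns" and fields.get("query") == cfg["host"]:
            hits.append((line, "dns lookup of exfil host"))
        elif kind == "conn" and fields.get("dst") == cfg["host"]:
            if int(fields.get("dport", 0)) == cfg["port"]:
                hits.append((line, "smtp connection to exfil host"))
            else:
                hits.append((line, "connection to exfil host on unexpected port"))
    return hits


if __name__ == "__main__":
    config = parse_agenttesla_config(CONFIG_TEXT)
    print("IOCs:", {k: config[k] for k in ("protocol", "host", "port", "username")})
    for line, reason in find_exfil_activity(config, LOG_LINES):
        print(f"[{reason}] {line}")
```

The parser keys on the five field names Triage emits for this family rather than on line breaks, so it is unaffected by how the page wrapped the values; the username is kept exactly as the page shows it.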
Targets

Target: PO PJS-4000079.exe
Size: 573KB
MD5: 32a9bdf8ead718570533e627e2b0a15a
SHA1: b831848f2be003c7ee06a46e51253807048acaaf
SHA256: 92aca1894f0493a26dde546c3c9e377be17244b01ee1145a48b997fb56c5e6b0
SHA512: 7c2e33a1917ee5546106c28b40e8bb9edffbe2ac0fb26ef54925886ffc58a9a0598bcb87c00f14226ee4a2b261512a293e3c43d2cd548bca1e0fad9c2923ce11
Score: 10/10

AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer, originally written in Visual Basic .NET, that harvests credentials and keystrokes and sends them to an attacker-controlled mailbox or server (here over SMTP, per the extracted config).

- AgentTesla Payload
- Suspicious use of SetThreadContext
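"Suspicious use of SetThreadContext" is the behavioral signature; the report does not say what triggered it, but the usual reason a sandbox flags this call is process hollowing: a host process is created suspended, its image is unmapped or overwritten with the payload, the main thread's entry point is redirected with SetThreadContext, and the thread is resumed. The example below is added here and is not Triage's signature logic or anything from the report; it runs a small state machine over a constructed API trace (the trace format, the pids, and the notepad.exe host image are all made up) and flags only the full hollowing sequence, leaving a lone SetThreadContext or a suspended create without a memory write alone:

```python
"""Flag process hollowing in an API call trace. Added example; the trace
format and its lines are constructed, not taken from the sandbox report."""

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit for CreateProcess

# Constructed trace, one call per line: "<caller_pid> <api> k=v k=v ...".
TRACE = [
    # hollowing: suspended create, unmap, alloc, write, set context, resume
    "1000 CreateProcessW image=C:\\Windows\\System32\\notepad.exe flags=0x00000004 child_pid=2000 child_tid=2001",
    "1000 NtUnmapViewOfSection pid=2000 base=0x00400000",
    "1000 VirtualAllocEx pid=2000 size=0x8c000 protect=0x40",
    "1000 WriteProcessMemory pid=2000 addr=0x00400000 size=0x400",
    "1000 SetThreadContext tid=2001",
    "1000 ResumeThread tid=2001",
    # debugger-style SetThreadContext on a thread this trace never saw created
    "3000 OpenThread tid=3101",
    "3000 GetThreadContext tid=3101",
    "3000 SetThreadContext tid=3101",
    # suspended create that is simply resumed, no injection
    "4000 CreateProcessW image=C:\\Windows\\System32\\notepad.exe flags=0x00000004 child_pid=5000 child_tid=5001",
    "4000 ResumeThread tid=5001",
]

WRITE_APIS = {"NtUnmapViewOfSection", "VirtualAllocEx", "WriteProcessMemory"}


def parse_line(line: str):
    """Split a trace line into (caller_pid, api_name, {arg: value})."""
    parts = line.split()
    args = dict(p.split("=", 1) for p in parts[2:])
    return int(parts[0]), parts[1], args


def detect_process_hollowing(trace: list) -> list:
    """Return one record per child process that went through the full
    suspended-create -> memory write -> SetThreadContext -> ResumeThread chain."""
    targets = {}     # child pid -> state
    tid_to_pid = {}  # main-thread tid -> child pid (from CreateProcess)
    for line in trace:
        caller, api, a = parse_line(line)
        if api in ("CreateProcessW", "CreateProcessA"):
            pid, tid = int(a["child_pid"]), int(a["child_tid"])
            tid_to_pid[tid] = pid
            targets[pid] = {
                "caller": caller,
                "image": a.get("image"),
                "suspended": bool(int(a.get("flags", "0"), 16) & CREATE_SUSPENDED),
                "stages": [],
            }
            continue
        # Resolve which child process this call touches, by pid or by tid.
        if "pid" in a:
            pid = int(a["pid"])
        elif "tid" in a:
            pid = tid_to_pid.get(int(a["tid"]))
        else:
            pid = None
        st = targets.get(pid)
        if st is None:
            continue  # not a process we saw being created
        if api in WRITE_APIS:
            st["stages"].append("write")
        elif api == "SetThreadContext":
            st["stages"].append("set_context")
        elif api == "ResumeThread":
            st["stages"].append("resume")

    hits = []
    for pid, st in targets.items():
        first = {}
        for i, stage in enumerate(st["stages"]):
            first.setdefault(stage, i)  # index of first occurrence
        ordered = (
            all(k in first for k in ("write", "set_context", "resume"))
            and first["write"] < first["set_context"] < first["resume"]
        )
        if st["suspended"] and ordered:
            hits.append({"target_pid": pid, "caller_pid": st["caller"], "image": st["image"]})
    return hits


if __name__ == "__main__":
    for hit in detect_process_hollowing(TRACE):
        print("process hollowing:", hit)
```

Requiring the suspended-create flag and the write-before-SetThreadContext ordering is what keeps the rule quiet on debuggers and on legitimate suspended launches; in a real deployment the trace parser would be swapped for the sandbox's own call-log format.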