General
- Target: PO15410.ISO
- Size: 1.2MB
- Sample: 211021-eqc4bsafhm
- MD5: a9cf31668624482f4655bad515eab196
- SHA1: 1d11d6c022150257aaef340c464a4e370dec7536
- SHA256: bd3690f0dafd5a4880e1d28c78c0e230451dc04b72ca97a030463d45f8a8ae19
- SHA512: f19f3c12f75c16095ec7c917cba8d33d6a175d8390e412a928d64a8857169c94723244cdecc249387febce6726e949660b76d0927eae5b5038e53833a163759f
Static task: static1
Behavioral task: behavioral1
- Sample: PO15410.EXE
- Resource: win10-en-20210920
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.tanzanitecoffee.co.tz
- Port: 587
- Username: info@tanzanitecoffee.co.tz
- Password: Tanzanitecoffee2018
Targets
- Target: PO15410.EXE
- Size: 444KB
- MD5: 9b1519dc04911fd229573b20acad1983
- SHA1: 05e54448c5a980debe1f3b6478e3ff38b0abdaf9
- SHA256: 3c6e548734714e341da1909e80c49a7433955d630fc2eb4ddc9c1cd26d366c09
- SHA512: 0e7d57095af4af2b9ffbe7d94a33c346ea7da04a1df8300da2c9cd7661aeba77d91ba055f068ba75d2169fbf76a7c67cba728d5442aebc053c45bcea39a31a1b
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext