General
-
Target
PO181021.IMG
-
Size
1.3MB
-
Sample
211022-m2tjfsbed5
-
MD5
f4d0db4a5e34d08a4286c6877d289d06
-
SHA1
5ff828c50adb21e7b43e20595582b4ce44699c86
-
SHA256
2b4079f79a4bacd6ddee28b83db9003f647f2787897092f42208378596f8449b
-
SHA512
f72bffa594eb8b7da286b5fe758b603493ff5383f5af80bbc62598b638fe858243af8bded3e1f5c4025b23246f27114724691d0243b6e5dae09d65d9e9fe27e3
Static task
static1
Behavioral task
behavioral1
Sample
SOA6410.EXE
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
SOA6410.EXE
Resource
win10-en-20210920
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.probrick.co.za
Port: 587
Username: info@probrick.co.za
Password: 4INFO@probrick%$#@!
Targets
-
Target
SOA6410.EXE
-
Size
749KB
-
MD5
7e80bf5b2a4be25a76f8c1f3685bd007
-
SHA1
5a36bd2825c5d7e7b411f02081f80df6a53fc39f
-
SHA256
7d0e2f96ef3e27c5b8533f28d322f7db4d06d2327e415d24b669fe411a2016d1
-
SHA512
385dace12a2e3b09a9975880df966fb5eb22a2b853ce95694e86e64102d774795f0460840b4e411c2ab7f424619bd01b13961caa178fb1fd77dc4d66db9d26cb
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-