General
Target: MV. PACIFIC POWER - scanned.exe
Size: 484KB
Sample: 211022-s9b72abgg6
MD5: 8bbe66fe1aa1c26e2ef7b4d752998d3a
SHA1: 8df9097789d3b548c807d5c932c9a530cf1fa1a0
SHA256: bac1342206103fdc88c4c3ca8b2c30d73e46781d8e40f82f1ea4064547bbb76c
SHA512: e19fef507bff4b75bce4d6a9ce6e18209cd0d5aa660e89abee2e6daba6e96751c279f2bb6ccd8a265b196a5addb282695f58cf36612ecbd25184d6ad64191a04
Static task: static1
Behavioral task: behavioral1
  Sample: MV. PACIFIC POWER - scanned.exe
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: MV. PACIFIC POWER - scanned.exe
  Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.penavico--cz.com
Port: 587
Username: ops@penavico--cz.com
Password: Fq$L%J((!6
Targets
Target: MV. PACIFIC POWER - scanned.exe (size and hashes as listed under General)
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext