General
Target: PO#67890345201.exe
Size: 631KB
Sample: 211202-hqya2sfea8
MD5: 4cb1db6fc2e75ae919a6e006ae467d6a
SHA1: 386fd2b6440e5e0c2cbc6beb45cae3dec76faeec
SHA256: 8527c00ea28ed609e8a8c71c85adc9dc4a23dc8068b98902d77eec15425cb1fe
SHA512: 1fd5a9298fa22950c6631297de878625327e3648cae61ff8e37ac7e3ba9ab84101c8da041beed66b9d6a89c9093efd9937bb3e097b11af91672343a71ac83cdc
Static task: static1
Behavioral task: behavioral1 (Sample: PO#67890345201.exe, Resource: win7-en-20211104)
Behavioral task: behavioral2 (Sample: PO#67890345201.exe, Resource: win10-en-20211014)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.modularelect.com
Port: 587
Username: [email protected]
Password: successman12@
Targets
Target: PO#67890345201.exe
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures:
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext