General
- Target: Po docs. pdf...............................r16
- Size: 460KB
- Sample: 211203-km6jcsagg7
- MD5: 520491b040ed3fdea7a877acee2f9ca1
- SHA1: 3b737760a8814fc55b9fd0169424be755cbc8a03
- SHA256: 625d77dfe7f5dd78fa40accd4e84a12cb5387e6de68f771d0f138e97a18a2959
- SHA512: 1d1e1c64a5e1586ef77734292eebcef10c1778d0157078f4985d2eb516496e4a9bbaefd822efe560545e190387ec512051d9cbc3ab916d0fde78e029adf8d5ef
Static task: static1
Behavioral task: behavioral1
Sample: Po docs. pdf................................exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: Po docs. pdf................................exe
Resource: win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.oxc-ph.com
Port: 587
Username: [email protected]
Password: oxychempassword
Targets
- Target: Po docs. pdf................................exe
- Size: 718KB
- MD5: 54a11ae845acbd951f5263a8013db736
- SHA1: f7e0115a08e3f37519499ff36b5f33c02bd46fdc
- SHA256: a2a9b6a0deb3f24e5239a84442bdf3e0d45f2c19b2c1ceb0a1c32f37d38b7a54
- SHA512: aa0a42e46f7c592d2bbef0024010fec693303b55d7b95463aa97235e5aa1dc8a4e887e77e2ca0348612dcbc874531fa5842ef582656413e2157341f012c917b2
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext