General
-
Target
Po docs. pdf................................exe
-
Size
718KB
-
Sample
211203-km6t5afghk
-
MD5
54a11ae845acbd951f5263a8013db736
-
SHA1
f7e0115a08e3f37519499ff36b5f33c02bd46fdc
-
SHA256
a2a9b6a0deb3f24e5239a84442bdf3e0d45f2c19b2c1ceb0a1c32f37d38b7a54
-
SHA512
aa0a42e46f7c592d2bbef0024010fec693303b55d7b95463aa97235e5aa1dc8a4e887e77e2ca0348612dcbc874531fa5842ef582656413e2157341f012c917b2
Static task
static1
Behavioral task
behavioral1
Sample
Po docs. pdf................................exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
Po docs. pdf................................exe
Resource
win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.oxc-ph.com
Port: 587
Username: ammuntiveros@oxc-ph.com
Password: oxychempassword
Targets
-
-
Target
Po docs. pdf................................exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-