General
Target: bfdf578a59187996fbcee39433b5dad6c3018f89556d9e544c17eb2687af4abb
Size: 1.2MB
Sample: 220520-2wfsqsbahj
MD5: d19a99b8494b3761b25166a477985753
SHA1: 76c059880047d9514aa4044191658fd92ca903f3
SHA256: bfdf578a59187996fbcee39433b5dad6c3018f89556d9e544c17eb2687af4abb
SHA512: 87d000ea94aa511f374c6aeea38876221fff3eb5ef7710fd550a0d2abed48e4348710e16d2ff07a96e1fb98d78682b5bbbf73aa3cbabced54da01ad240781994
Static task: static1
Behavioral task: behavioral1
  Sample: PO_AUXT2.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: PO_AUXT2.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.urban.co.th
Port: 587
Username: [email protected]
Password: Urban@1143
Targets
Target: PO_AUXT2.EXE
Size: 693KB
MD5: 59377d421a5d8d2db2fb28b876ce842f
SHA1: 9d89884a4e810871e2784441d0628b1b3991f819
SHA256: b1135688496020eb3e075121b22fb9c726c6021068ce415be82d8e48540dc563
SHA512: ad26d71006cd7601cea7cd5c00d4e858b00876c30c475c79caa88aa20cefe3f8e87eb48bde48ff89a22588d8d4563d1ec287d695bad5166f169634545219563a

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext