General
Target: 25ff617424cc6aacabca49d2f8bc71245fd28dc0acf0a26ea6192699d1322246
Size: 588KB
Sample: 220520-2z2vdabcem
MD5: 7a228f182a0ef8c96394ca08baa84562
SHA1: edfc33458c9101f95cf01fe055de047f2f35a221
SHA256: 25ff617424cc6aacabca49d2f8bc71245fd28dc0acf0a26ea6192699d1322246
SHA512: 2e3b89a3c46cfef2379fed8b0ee69773f00a2443d1a1f482e782535e3d4a411dacf602512c526dc288b9b5916b400a36af777ca315bd3a2dd27869d1e81cebfd
Static task: static1
Behavioral task: behavioral1
Sample: PO1909003 (India).exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: PO1909003 (India).exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: webmail.mrconsult-kw.com
Port: 587
Username: [email protected]
Password: BADAWI1234567890
Targets
Target: PO1909003 (India).exe
Size: 527KB
MD5: 14e521e9de293f346c84d6ce637a3b1b
SHA1: 9412312a8c9beb575e353dcbfb84d14e77c8807e
SHA256: 74a4f01410127eb8a0cbfaaf9f8c60eb31bf8aad55599ba514d6ef02c9f660ff
SHA512: 59f0a606fd9d43c631c9d4afc654623e50acc85b4b9bdbc954f15b534bf58693b134ede171fccc7ce3d16dc275b0e944828ff0f7ab9e886ced8954a2628c5f65
Family: AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures:
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext