General
Target: 12c02f2ee47646b51fea975d0a426421df2f1f0c728327b433f24287360eb3a3
Size: 1.2MB
Sample: 220520-3a44wagef4
MD5: ef8160901349fb86452c66f224913ebd
SHA1: ddccea12c63c81bc07754cd71ac621eef902a698
SHA256: 12c02f2ee47646b51fea975d0a426421df2f1f0c728327b433f24287360eb3a3
SHA512: 613f29a169fa7a8285f431d18d4945cf102b0c861e16a3b25367ed634b8838278ea6492db15112b4c5ee9a54b3e73d35bd0d8fe97c80ffd119c22469fdae0345
Static task: static1
Behavioral task: behavioral1
  Sample: PO75344_.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: PO75344_.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.flsrnidth.com
Port: 587
Username: [email protected]
Password: nO8D96EWw.[Z
The extracted configuration is the exfiltration channel rather than a download URL: Agent Tesla sends harvested credentials and keystrokes by SMTP through the listed mailbox, so the mail host, the port and the account are the actionable network indicators for this sample. Treat the credentials as compromised and do not reuse them outside of a controlled investigation.
Targets
Target: PO75344_.EXE
Size: 492KB
MD5: 294516b381674411d70c1aa27e290cfc
SHA1: 4bbe8b46690a62dd36d1e7b77261672899a795ca
SHA256: e178820be141bf44bfe4efa153a18e9ddb7bdc882120b0e6b0f7a2fb9f2e36da
SHA512: 29252387f71d49b5835b79ca7cdb9591c5ea03edf316d9042f1a02344653bbcc995c7f914515566f0b4555ac4c27599d26e0ac2cb9c44ebf53b67f8a4e90d114
Signatures
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT); it harvests browser, mail-client and FTP credentials plus keystrokes and exfiltrates them over SMTP, FTP or HTTP.
AgentTesla Payload
Accesses Microsoft Outlook profiles (reads the Outlook profile registry keys that store account names and saved passwords, consistent with the stealer's credential collection)
Adds Run key to start application (persistence through a Run registry key so the payload is launched again at logon)
Suspicious use of SetThreadContext (changing the entry point of a thread in another process is characteristic of process hollowing: the sample starts a suspended process, rewrites its memory and resumes it at the injected code)
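The last signature is a verdict over an API sequence rather than a single call. As an added example, not part of the sandbox report or of any sandbox's own detection code, the Python script below walks a per-process API trace and flags a child process only when the full process-hollowing chain appears in order on the same caller and the same child: CreateProcess with CREATE_SUSPENDED, an optional NtUnmapViewOfSection, WriteProcessMemory into the child, SetThreadContext after the write, then ResumeThread. A suspended child that is merely inspected with GetThreadContext and resumed (debuggers, some installers) is deliberately not flagged. The trace format, process names, PIDs and handle values are constructed for the example.

```python
"""Flag the process-hollowing API sequence behind a 'Suspicious use of
SetThreadContext' verdict in a per-process API trace.

Sequence looked for (same caller, same child):
  CreateProcess*(CREATE_SUSPENDED) -> [NtUnmapViewOfSection] ->
  WriteProcessMemory -> SetThreadContext -> ResumeThread
A suspended CreateProcess followed only by Get/ResumeThread is not flagged.
"""
import re

CREATE_SUSPENDED = 0x00000004

# Constructed trace in a simple "pid api(key=value, ...)" form. Process names,
# PIDs and handles are made up for the example, not taken from the report above.
SAMPLE_TRACE = r"""
4100 CreateProcessW(app=C:\Windows\System32\cmd.exe, flags=0x0, hProcess=0x1a0, hThread=0x1a4, childPid=4120)
4100 ResumeThread(hThread=0x1a4)
4100 CreateProcessW(app=C:\Windows\System32\svchost.exe, flags=0x4, hProcess=0x1f0, hThread=0x1f4, childPid=4200)
4100 NtUnmapViewOfSection(hProcess=0x1f0, base=0x400000)
4100 VirtualAllocEx(hProcess=0x1f0, base=0x400000, size=0x7a000)
4100 WriteProcessMemory(hProcess=0x1f0, base=0x400000, size=0x400)
4100 WriteProcessMemory(hProcess=0x1f0, base=0x401000, size=0x78000)
4100 GetThreadContext(hThread=0x1f4)
4100 SetThreadContext(hThread=0x1f4)
4100 ResumeThread(hThread=0x1f4)
5300 CreateProcessW(app=C:\Program Files\Debugger\dbg.exe, flags=0x4, hProcess=0x2c0, hThread=0x2c4, childPid=5310)
5300 GetThreadContext(hThread=0x2c4)
5300 ResumeThread(hThread=0x2c4)
"""

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)$")


def parse_line(line):
    """Return (caller_pid, api, {arg: value}) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    args = {}
    for part in m.group("args").split(", "):
        key, sep, value = part.partition("=")
        if sep:
            args[key] = value
    return int(m.group("pid")), m.group("api"), args


def detect_hollowing(trace):
    """Return one alert dict per child process that went through the full sequence."""
    by_process = {}  # (caller_pid, hProcess) -> state of a suspended child
    by_thread = {}   # (caller_pid, hThread)  -> the same state object
    alerts = []
    for line in trace.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        pid, api, a = parsed
        if api.startswith("CreateProcess"):
            # Only a child created suspended can be hollowed before it runs.
            if int(a.get("flags", "0"), 16) & CREATE_SUSPENDED:
                state = {"caller": pid, "child": int(a["childPid"]), "image": a["app"],
                         "hProcess": a["hProcess"], "unmapped": False,
                         "wrote": False, "set_ctx": False}
                by_process[(pid, a["hProcess"])] = state
                by_thread[(pid, a["hThread"])] = state
        elif api == "NtUnmapViewOfSection":
            state = by_process.get((pid, a.get("hProcess")))
            if state:
                state["unmapped"] = True
        elif api == "WriteProcessMemory":
            state = by_process.get((pid, a.get("hProcess")))
            if state:
                state["wrote"] = True
        elif api == "SetThreadContext":
            state = by_thread.get((pid, a.get("hThread")))
            # Only a context change after the image was rewritten redirects
            # execution into injected code; on an untouched child it is benign.
            if state and state["wrote"]:
                state["set_ctx"] = True
        elif api == "ResumeThread":
            state = by_thread.pop((pid, a.get("hThread")), None)
            if state is None:
                continue
            by_process.pop((pid, state["hProcess"]), None)
            if state["wrote"] and state["set_ctx"]:
                alerts.append({"caller": state["caller"], "child": state["child"],
                               "image": state["image"], "unmapped": state["unmapped"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_hollowing(SAMPLE_TRACE):
        print("process hollowing: pid %(caller)d -> %(child)d (%(image)s), "
              "original image unmapped: %(unmapped)s" % alert)
```

Run against the constructed trace, only the svchost.exe child (PID 4200) is reported; the cmd.exe child was never suspended and the debugger child was suspended but never written to. Keying the state on the caller's process and thread handles, rather than on the API names alone, is what keeps the two benign cases out of the result.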