General
-
Target
f851ef56bdbf47bd652a2cf5604da9fc1675e7d34256357866234531464d9cc8
-
Size
380KB
-
Sample
220520-3jh8rsbhep
-
MD5
1141c64f9d62b3270c48670a458bda1e
-
SHA1
58767319a14e6aae5d1f6963d870b2e2cd8e6e0b
-
SHA256
f851ef56bdbf47bd652a2cf5604da9fc1675e7d34256357866234531464d9cc8
-
SHA512
9a156c3f51f5179993ae6ff61938fb56591eb3bd040636326970f1bce1335b8b198b9411c4dbad69e7d4f8a092e3c7bd864b197b27443fbf003ee84c73e6a1b0
Static task
static1
Behavioral task
behavioral1
Sample
PO#45302925_doc.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
PO#45302925_doc.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.moorefundz.com
Port: 587
Username: [email protected]
Password: g7g2Ig?Aeh_+
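The extracted SMTP configuration is the actionable part of this report: the sample mails stolen data to a mailbox on smtp.moorefundz.com over the submission port, and the credentials for that mailbox are embedded in the binary. What follows is an added triage example, not tria.ge's code and not anything taken from the sample. It parses the config block in the line-wrapped form sandbox exports usually arrive in, matches the drop host against a constructed outbound-connection log, emits a Suricata DNS rule for the host (the sid is an assumed local number), and re-checks a file against the digests the report lists for the dropped PE. The username is shown redacted on the page and is kept exactly as printed; the connection records and the test bytes are constructed.

```python
"""Triage helper for the AgentTesla extracted config above.

Added example, not tria.ge's or the sample's code. The report's values are
used verbatim; the connection log, the test bytes and the Suricata sid are
constructed here and are assumptions, not artifacts from the analysis.
"""
import hashlib
import re

# The report's "Extracted" block in the line-wrapped form sandbox exports
# usually arrive in. The username is shown redacted on the page and is kept
# exactly as printed there.
RAW_CONFIG = """Protocol: smtp- Host:
smtp.moorefundz.com - Port:
587 - Username:
[email protected] - Password:
g7g2Ig?Aeh_+"""

# Digests of the dropped PE (PO#45302925_doc.exe) exactly as the report lists them.
PAYLOAD_HASHES = {
    "md5": "dc214cfdb580a61d884ae8e13d3badf4",
    "sha1": "c12371c21be0bca42e236c954b0c5e9f5163fd25",
    "sha256": "6f80781abdf53463e9829499b179a5ad25b99bfe37dadf4ee69deada26efd113",
    "sha512": "cbb4ff0c2558de341902aed929dc1de75d655f59dfb794932c86fcf8736fcbf3"
              "75079e783b39e1f7de1b74d9c40934f8d56618078520771bdf4dae87e8f954cd",
}

FIELDS = ("Protocol", "Host", "Port", "Username", "Password")
_KEYS = "|".join(FIELDS)
# A value runs until the next "- Key:" separator or the end of the text, so a
# password containing '?', '_' or '+' (as here) is captured intact.
_FIELD_RE = re.compile(r"(%s):\s*(.*?)\s*(?=-\s*(?:%s):|$)" % (_KEYS, _KEYS))


def parse_config(raw: str) -> dict:
    """Flatten the wrapped 'Key: value - Key: value' text into a dict."""
    flat = " ".join(raw.split())
    cfg = dict(_FIELD_RE.findall(flat))
    cfg["Port"] = int(cfg["Port"])
    return cfg


def exfil_matches(cfg: dict, connections: list) -> list:
    """Return the connection records that hit the extracted SMTP drop host/port.

    Records are (pid, image, dst_host, dst_port). Matching on the host, not on
    port 587 alone, avoids flagging legitimate mail clients using submission.
    """
    host = cfg["Host"].lower()
    return [c for c in connections if c[2].lower() == host and c[3] == cfg["Port"]]


def dns_rule(cfg: dict, sid: int) -> str:
    """Suricata rule flagging any DNS query for the drop host (sid is assumed)."""
    return (
        'alert dns any any -> any any (msg:"AgentTesla SMTP exfil host %s"; '
        'dns.query; content:"%s"; nocase; sid:%d; rev:1;)' % (cfg["Host"], cfg["Host"], sid)
    )


def verify_hashes(data: bytes, expected: dict) -> dict:
    """Recompute each listed digest over `data`; return {algo: computed} for
    the ones that differ. An empty dict means `data` is the reported file."""
    bad = {}
    for algo, want in expected.items():
        got = hashlib.new(algo, data).hexdigest()
        if got != want.lower():
            bad[algo] = got
    return bad


# Constructed connection log (pid, image, dst_host, dst_port); not from the report.
SAMPLE_CONNECTIONS = [
    (1488, r"C:\Users\user\Desktop\PO#45302925_doc.exe", "smtp.moorefundz.com", 587),
    (1488, r"C:\Users\user\Desktop\PO#45302925_doc.exe", "www.microsoft.com", 443),
    (2044, r"C:\Windows\System32\svchost.exe", "smtp.office365.com", 587),
]

if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print("drop host:", cfg["Host"], "port:", cfg["Port"], "via", cfg["Protocol"])
    for pid, image, host, port in exfil_matches(cfg, SAMPLE_CONNECTIONS):
        print("EXFIL pid=%d %s -> %s:%d" % (pid, image, host, port))
    print(dns_rule(cfg, 9000001))
    # A file that is not the sample fails every digest.
    print("mismatched digests:", sorted(verify_hashes(b"not the sample", PAYLOAD_HASHES)))
```

Port 587 is the ordinary mail submission port, so a block on the port would break legitimate clients; block or alert on the host, and treat the mailbox credentials as burned rather than reusing them to "check" the drop account, which would touch attacker infrastructure from your network.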
Targets
-
-
Target
PO#45302925_doc.exe
-
Size
481KB
-
MD5
dc214cfdb580a61d884ae8e13d3badf4
-
SHA1
c12371c21be0bca42e236c954b0c5e9f5163fd25
-
SHA256
6f80781abdf53463e9829499b179a5ad25b99bfe37dadf4ee69deada26efd113
-
SHA512
cbb4ff0c2558de341902aed929dc1de75d655f59dfb794932c86fcf8736fcbf375079e783b39e1f7de1b74d9c40934f8d56618078520771bdf4dae87e8f954cd
-
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT), originally written in Visual Basic .NET. It harvests stored credentials from browsers, mail and FTP clients and exfiltrates them over SMTP, FTP or HTTP; this sample is configured for SMTP, as the extracted config above shows.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles (reads the registry keys where Outlook stores mail account settings and saved credentials)
-
Suspicious use of SetThreadContext (rewriting another thread's context, typically the entry point of a suspended process after a payload has been written into it, as in process hollowing)
-