General
Target: bf578c98708023b142b79f6928aa9b4260c8df607c30cda4e005e8eb1348daa6
Size: 450KB
Sample: 220520-3wgkpsceap
MD5: af3ec1b5d7ffa44c070ee0fae1060cee
SHA1: 7f3b8d47042b4f8be46e90168da9457121c0360b
SHA256: bf578c98708023b142b79f6928aa9b4260c8df607c30cda4e005e8eb1348daa6
SHA512: ae2b5e5beb2426f9401df61b4b29074eebfebe5d1ff2cf2e3b499d394ae95cb3ef40ad8424a9c9b9216cbb581cd58dff1ad861fb69074e12a5e376649c18b85b
Static task: static1
Behavioral task: behavioral1
  Sample: PO_NX-LI-15-0001.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: PO_NX-LI-15-0001.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.lacore.ee
  Port: 587
  Username: [email protected]
  Password: MBla354X
Targets
Target: PO_NX-LI-15-0001.exe
Size: 613KB
MD5: 1036042bb2859f62407a923d4966f6d2
SHA1: 41819454b7bc4757dedba527ba784b95a8861f8e
SHA256: ab7b73970bd106cef348d5cde8a8e70e321a00ec6ed1416a572524b631cfa4a3
SHA512: 905922adae41e6807dd70f1fc3d7841a93862e667574b464c91a2d0e09d17e7b6a85911cc739cd608b95229db6f5aad8368fce18c806bd413ef0cddd46a536cb
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext