General
Target: a558febf4bbd45aecc5e7cc87456c1cee21ce08ddea7ef1b80b6ad0dde3771c4
Size: 530KB
Sample: 220521-aam65scgcj
MD5: 6812c0da7a3148e26ff458b1677ededd
SHA1: 96e228702de7cec1c1bea46e622962ba2ad7cd38
SHA256: a558febf4bbd45aecc5e7cc87456c1cee21ce08ddea7ef1b80b6ad0dde3771c4
SHA512: 5f65d4920843884aeadd2a560d66f9afad163ba4bf9df2ed598ca50745a9acb21435e3676331fe01eba5ca6627a8960c216cc4a3dcca07d786e44391d5715f55
Static task: static1
Behavioral task: behavioral1
Sample: PO_03422020_11.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: PO_03422020_11.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: 111aaa
Targets
Target: PO_03422020_11.exe
Size: 469KB
MD5: a128f9fcd3dd95132460741e5c5ade03
SHA1: 99a3d5233d4a715265107248b9f05357dafdc3b1
SHA256: 016e3777c66eb1d3ebc04c573a0b9f9dca639d32312b87e68d84934b13e02a9c
SHA512: 96a80d30f210bb41fad2425f8ecd45d7e4b138a99741f4cf72a9d85579d490547b9b90332586feca0bb3e35c5d74f42bd9a0b54d003c75ded31ac200e843a6ee
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext