General
Target
9021ca2b2205f2ecf42863fb096030788a6e22644e420babc8af2379ffe224f4
Size
504KB
Sample
220521-ae97gaabd8
MD5
2f70bacdf31bfe1f64b115581ff24e12
SHA1
705257c9a7965911f4875367940cecede8162883
SHA256
9021ca2b2205f2ecf42863fb096030788a6e22644e420babc8af2379ffe224f4
SHA512
0968f68a3a2cc32a48c6736205ec76e59f968caaef7a72db2a4e2d6d9faf85bfbe3e63aea2e90a8ed485aae57c1f1724a0ab222512a495c45d5dbdc031835c92
Static task
static1
Behavioral task
behavioral1
Sample
PL-VAM 80031440.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
PL-VAM 80031440.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.foodanddesign-lb.com
Port: 587
Username: [email protected]
Password: yarze@2018
Targets
Target
PL-VAM 80031440.exe
Size
726KB
MD5
9c0f23e7053592ca297b1b59e2538ee3
SHA1
19c26a4ccff90f2abd3f1821aa29f9d33272af21
SHA256
347edc0f7def3d3ff474f0e96d8e9c3feb7d20039bdec2999428d913e3318172
SHA512
d6fef56ee3af4482b895fd1460c453ae4d1c5e4c26f42488a4568b12cbd58f3637807f7b48d22c8e7ee2d91a7ea31ffba9031ce899e365b68c35369f3bfa7795
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext