General
Target: 8a01dd167473e79c66f53bcc414a5ca438c0d95033d6d8ea21d3ac3a6eafe33b
Size: 492KB
Sample: 220521-agla5aaca2
MD5: 9304cc725254f0f20512fe7c257ff5aa
SHA1: 3bca7df2f0dccf3d33660042e350b0b18b19b159
SHA256: 8a01dd167473e79c66f53bcc414a5ca438c0d95033d6d8ea21d3ac3a6eafe33b
SHA512: 8b7007ed0276f78a5aa91b368a506b7b6012b2df4a04e5a7e3c1e4243c57026d6bff854a8678c84576b3b261b32c7a32452a583581f958dd572fc28060bfe247
Static task: static1
Behavioral task: behavioral1
Sample: PO1159BL pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: PO1159BL pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: webmail.geral.com.pe
Port: 587
Username: [email protected]
Password: michael1790
Targets
Target: PO1159BL pdf.exe
Size: 779KB
MD5: 2888b6e0215298848cd4a265bb839291
SHA1: af91231d46a4fa9cdeb6027307602a51cf47164e
SHA256: 6da0b5d0f2264121fc9dd33312a865f1ac584f66f1191be257138e6cdfc05336
SHA512: 4365b9aa010a2c194aa0d8d850a006d1a6a6f092f70b71bae754fa97ff0fc2adfae099075a808c3d0b8bec74c4107ee78ad1a68f01f23bd9de5b80289e47e192
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext