General
- Target: 82b8f646380c1a4bc10d74fd5db58877cb2ff852d5ee222ffd9ea1635dbe123c
- Size: 481KB
- Sample: 220521-ah9p4sdbgq
- MD5: 06721b63ce34c35c8046ce63b987470e
- SHA1: 529aa64ed2082e808c1adecd6e8ad56d2c5298d2
- SHA256: 82b8f646380c1a4bc10d74fd5db58877cb2ff852d5ee222ffd9ea1635dbe123c
- SHA512: 4e00fbafa627e17e4fb58529e83024d3c4e86f1108e6b9ad6215275bd865d16bbdc1bd70df333a65d831fd93d0eecfc24bef76daf1fa9e9261295df31e124cdb
Static task: static1
Behavioral task: behavioral1
- Sample: PO_NX-L1-15-00001.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: PO_NX-L1-15-00001.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.lacore.ee
- Port: 587
- Username: [email protected]
- Password: MBla354X
Targets
- Target: PO_NX-L1-15-00001.exe
- Size: 601KB
- MD5: dca1db416954bda2897bea5d0535f231
- SHA1: a22b0c6d447687aa7651df0517149754cc373483
- SHA256: 8de5b231add82c95e720fb340206a50034e9ac1de1108977389538f37a5be45b
- SHA512: 333907a24af7465825a2caf91c011bc541ae16aea116dfd391ced9351469dad2fa2d2c82b920fd646aa65a9b245fd11b48305e07a2c719a8478994557e109386
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext