General

Target: 4fc06cd395ad30759c20bc2547f24a25c13e031780e59fa9ca26a6ea6bcc2f08
Size: 354KB
Sample: 220521-b2x14agaaj
MD5: 754e9f058e5a1d467143ef341c0b99de
SHA1: 8c0efe2bbbbb861e508064fbb99e09470f101544
SHA256: 4fc06cd395ad30759c20bc2547f24a25c13e031780e59fa9ca26a6ea6bcc2f08
SHA512: d08d44a8ff71e14f87395122204bc141d0ace1fecc3451b781fa775dd889b353fb6f88c4a9d8dc83faf61fe5beec8c5a3ba9ced436960edce1113d571534f124
Static task: static1

Behavioral task: behavioral1
Sample: FALCOR PO .NO.FEC87257ADM20.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: FALCOR PO .NO.FEC87257ADM20.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: admin2214
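As an added example (not part of this sandbox report), the indicators above turned into a small log matcher a responder could run over endpoint telemetry. The hash and SMTP values are copied from the report; the log lines, their field layout (loosely modelled on Sysmon process-create and network-connect events), and the mail-client allowlist are constructed assumptions. Note that mail.privateemail.com is a shared commercial mail service, so a connection to it is only meaningful together with port 587 and a process that has no business submitting mail; that combination, not the host alone, is what the matcher keys on.

```python
"""IOC matcher built from the AgentTesla report above.

Added example, not part of the sandbox report. Hash and SMTP values are
copied from the report; the log lines, their field layout (loosely modelled
on Sysmon event IDs 1 and 3) and the mail-client allowlist are constructed
assumptions for illustration.
"""
import re
from dataclasses import dataclass

# Indicators copied from the report.
SAMPLE_SHA256 = {
    "4fc06cd395ad30759c20bc2547f24a25c13e031780e59fa9ca26a6ea6bcc2f08",  # submitted file
    "bee57d303281d0b8e2e681015ab7e1ac8c82972328c4f43350b20cc3a0999f21",  # FALCOR PO .NO.FEC87257ADM20.exe
}
SAMPLE_MD5 = {
    "754e9f058e5a1d467143ef341c0b99de",
    "02c7ba4e15c96f667bf893f24d209e1d",
}
C2_SMTP_HOST = "mail.privateemail.com"
C2_SMTP_PORT = 587

# Processes that legitimately use SMTP submission. Assumed allowlist; tune it
# per environment. The exfil host is a shared commercial mail service, so the
# detection keys on host + port + unexpected process, not on the host alone.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed sample events: one process-create with hashes, three network connects.
SAMPLE_LOG = [
    r"EventID=1 Image=C:\Users\x\Downloads\FALCOR PO .NO.FEC87257ADM20.exe "
    r"Hashes=MD5=02C7BA4E15C96F667BF893F24D209E1D,SHA256=BEE57D303281D0B8E2E681015AB7E1AC8C82972328C4F43350B20CC3A0999F21",
    r"EventID=3 Image=C:\Users\x\AppData\Roaming\svchost.exe DestinationHostname=mail.privateemail.com DestinationPort=587",
    r"EventID=3 Image=C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE DestinationHostname=mail.privateemail.com DestinationPort=587",
    r"EventID=3 Image=C:\Windows\System32\svchost.exe DestinationHostname=update.microsoft.com DestinationPort=443",
]


@dataclass
class Hit:
    line_no: int
    reason: str


# Hash fields look like MD5=<hex> or SHA256=<hex>; network fields carry the
# image path (which may contain spaces), destination host and port.
HASH_RE = re.compile(r"(?:SHA256|MD5)=([0-9a-fA-F]+)")
NET_RE = re.compile(
    r"Image=(?P<image>.+?) DestinationHostname=(?P<host>\S+) DestinationPort=(?P<port>\d+)"
)


def scan(lines):
    """Return one Hit per indicator match, in log order."""
    hits = []
    for n, line in enumerate(lines, 1):
        # File-hash match: any digest from the report, case-insensitive.
        for digest in HASH_RE.findall(line):
            digest = digest.lower()
            if digest in SAMPLE_SHA256 or digest in SAMPLE_MD5:
                hits.append(Hit(n, f"known sample hash {digest[:12]}..."))
        # Exfil channel: SMTP submission to the C2 host from a non-mail process.
        m = NET_RE.search(line)
        if m and m.group("host").lower() == C2_SMTP_HOST and int(m.group("port")) == C2_SMTP_PORT:
            image = m.group("image").rsplit("\\", 1)[-1].lower()
            if image not in MAIL_CLIENTS:
                hits.append(Hit(n, f"SMTP submission to {C2_SMTP_HOST}:{C2_SMTP_PORT} from {image}"))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.reason}")
```

Run against the constructed log, the matcher reports the dropped executable's MD5 and SHA256 on the process-create event and the SMTP connection from the renamed svchost.exe in the user's roaming profile; Outlook's own connection to the same host and port is ignored by the allowlist. Hash matches catch only the exact sample, so the network rule is the one that survives a repacked build.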
Targets

Target: FALCOR PO .NO.FEC87257ADM20.exe
Size: 398KB
MD5: 02c7ba4e15c96f667bf893f24d209e1d
SHA1: c14348d9407f32948b91be9d3df50862fb4ffdb9
SHA256: bee57d303281d0b8e2e681015ab7e1ac8c82972328c4f43350b20cc3a0999f21
SHA512: 48d23708e14a0fbe1e7eec34436f8204e7906f62bd8cc5bc756cb3b6529aca1b8328dcf682e389fdcdf48ef8fb2b534e35a35b01fe573248d66eb64037556d5e
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer; the family's early builds were written in Visual Basic .NET.

- AgentTesla Payload
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext (the API used to redirect a suspended thread in process-hollowing / RunPE-style injection)