General
- Target: af6baf4b66c39227b9f45e557873ca83040dd8f5cd2be18f1fcabe39152b4fb8
- Size: 491KB
- Sample: 220521-b4ktjsgadr
- MD5: 3cdc87c3a51aae2530cdf91bb7596195
- SHA1: d53a82afcf013230bc2721048b842fadd7f25540
- SHA256: af6baf4b66c39227b9f45e557873ca83040dd8f5cd2be18f1fcabe39152b4fb8
- SHA512: f2d5030e5ab3c2d3b008846c80f03d73d7578efc25e563360a16d9b696bc6fb86b2c41f1d94c2bbfd6050107f24705cca26e27661bcb3a2fb77840e814c800a1
Static task: static1
Behavioral task: behavioral1
- Sample: PO_03934949.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: PO_03934949.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.fedefruta.cl
- Port: 587
- Username: [email protected]
- Password: mh_220301_
Targets
- Target: PO_03934949.exe
- Size: 970KB
- MD5: 879182fa82d46464c98939a1db751d46
- SHA1: 6077205f9b2caa2d092613ba8614b0ee72adf753
- SHA256: 890be95e80abe228a943aad583f5463da9b56f6191c0672fe3bacbbc2b67402b
- SHA512: e63d5b8147ec91874ad7d29bd7f5ca8486eb5eafcc7a97e51d12a3382d565db56828887cd7d5277035f0348c081bd58c1da51cbb744410c48ab29db06834d755
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext