General

Target: 4bbc5c9f1b0c8b42dd7d5734f48218ea5f15482324418625aabfee44d166c942
Size: 475KB
Sample: 220521-bbe3labfc6
MD5: 092dbd2e80147f037cedcb9a16f05965
SHA1: f502012125a7b9e1ce208bbbfa47e0968160de52
SHA256: 4bbc5c9f1b0c8b42dd7d5734f48218ea5f15482324418625aabfee44d166c942
SHA512: c3943efe6bae1403b5c3c9b79ddfe62c6b449d00cb6173d833aac3b1c50914c63b6093518921398ecbfdc4946b10709c93a64f1c8fb51c9b7ec6b1befee2c65b
Static task: static1

Behavioral task: behavioral1
Sample: POKVRQ-9436854.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: POKVRQ-9436854.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: smtp.dingypower.com
Port: 587
Username: [email protected]
Password: jbX^*F$1
Targets

Target: POKVRQ-9436854.exe
Size: 870KB
MD5: eba4a8ee31a76a356ae1f470be0d80fb
SHA1: fe6f8361f0e425fc638cb33adb1bad603d8080e2
SHA256: 68b6aee99f9d4bf184c77beacb3b8a418f84a7efa606e5bd7f4fd57edb904054
SHA512: 63b515a3067a3f562945f399bacc7e6d73cac4d6b9622ee9c154eca86986851a8c5da27b67f70418a752c4f4749f804771ce559df5cd0178599660cd0faad0ce

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext