General
- Target: ffbfe068c5b31147160c129b8f4a2e3c527f44d704f17dd1da69049d2e835334
- Size: 394KB
- Sample: 220521-bjyjxafabl
- MD5: 0436f7a55da88c4b9601bdefc1c770e9
- SHA1: 80afa1282d248fa7663a0d8d91864ac87f43bc45
- SHA256: ffbfe068c5b31147160c129b8f4a2e3c527f44d704f17dd1da69049d2e835334
- SHA512: 6309416f05fefa4cfd3e3a6294c94b6d0b6318fd1d8b408f01a979cc462fd7f997fbf5075a6361992b636d94c18bc3f2325389b6ca814c254c1e5a8a625798e3
Static task: static1
Behavioral task: behavioral1
- Sample: PO no. 0107-320804-1.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: PO no. 0107-320804-1.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: [email protected]
- Password: lDjuiSN6
Targets
- Target: PO no. 0107-320804-1.exe
- Size: 688KB
- MD5: 25ee8442205f13777e3b9b477f6e84e9
- SHA1: 8471ebfe5d87b9ceb30d5f6e93f22c1e14d0c28f
- SHA256: 45a0e874237e2b2ae5828e37fcf1600f44e35b5f90ebae5e56b42289bf9ce8b4
- SHA512: e78d0a150764093c7d10f416930e35f117647a5da21d6a11a1f89e65ac20ac4b41f45723dbd5ed4a4927ce6672708cfbfd0351e9f90c8b7d82bab76575888cc7
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext