General
- Target: cea374a41005c6c97df776a740dbf12973f1f61300a1707920eb95f4c9bc37cd
- Size: 390KB
- Sample: 220521-bz81kscge4
- MD5: 62e0c48ee2193489045cf2f4e2fcdb7a
- SHA1: 58f2d6db596f680b5ced922fd2d16eb587841682
- SHA256: cea374a41005c6c97df776a740dbf12973f1f61300a1707920eb95f4c9bc37cd
- SHA512: dc6f001cd20b050dee77d9350ffedb44bec1ef9c64ff21cc7d376571a8df9761807a468e23cf8e6820c0a5fa7e358b7f275a26ec38058ed1b3738d651293c970
Static task: static1
Behavioral task: behavioral1
- Sample: PO#90126734.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: PO#90126734.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.spamora.net
- Port: 587
- Username: [email protected]
- Password: dada123456
Targets
- Target: PO#90126734.exe
- Size: 534KB
- MD5: 9eeaeaf87c06004b295ca1b8f395f00b
- SHA1: 62812b66b9fc9b7e7febe01c7b7280628ff18846
- SHA256: d15622eadc7b798a496f5f524543a69c63da3f7f56e3bb01fcf83fa85e2ae549
- SHA512: 0dcae439c03b84406c1697540454d9eca9608f85ee2d1ed7b678a6974c7986fe0f1e236ba76a33e0b226c49a1f8421efc9f868c00875711cf7bb2a5f528362d5
- AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext