General
-
Target
9afc2fa4e67dea5b4fef247dfd34d08a50879394699fe755776d9a2899aa33c3
-
Size
447KB
-
Sample
220521-cxx1zahgar
-
MD5
6eb2dc34a1319d0c8087ffa30cf6bcbc
-
SHA1
f177a599b0196e68ea5c75127ba98dbf18745981
-
SHA256
9afc2fa4e67dea5b4fef247dfd34d08a50879394699fe755776d9a2899aa33c3
-
SHA512
434bf34ff4c7ad64ee5b418c9966260a732a015571d02d83d34f60ae61b9df1420f7971813f67ad9e0b56f775b8d95ff4507dbdba6d3c6c8ae80a5338d641221
Static task
static1
Behavioral task
behavioral1
Sample
MV PLANA.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
MV PLANA.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: secure197.inmotionhosting.com
Port: 587
Username: [email protected]
Password: GL@123456
Targets
-
Target
MV PLANA.exe
-
Size
660KB
-
MD5
e815ab91c568fe5b40aeb71301c509ca
-
SHA1
0333ba1af023b094223022861296e5c9e99bd25c
-
SHA256
d573e471f9c3e98bc9b75511bbf482780d21789811cc46d8170b2f0dbe03c33a
-
SHA512
6aefdfd2758c88fb192c1eb6467298504e9dc6777b950a80c2e82fcdec9d59a0fbb3f83112097893bf94c9ea7e09c4705b91a9cc41532821e4799196dae267a5
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-