General
- Target: 29dc47fe3796cc4368334067ebc7e991c18d947f6fed711f1517b8eb9f649539
- Size: 967KB
- Sample: 220521-mm3htacaf4
- MD5: 649f297f285e0c67750a1027ab81d47a
- SHA1: 1b05c56ff00294385e9e19fb9723f1a0493efb79
- SHA256: 29dc47fe3796cc4368334067ebc7e991c18d947f6fed711f1517b8eb9f649539
- SHA512: 343a825aefaf0569208e2df41e7f7d65ff871f4b196f7a5a8bd262894403ad99552fe4d6a1fa8d76b84db1fdd254179781f6a002cd8640ead3cbf17a3a92cbb3
Static task
- static1
Behavioral task
- behavioral1
  - Sample: PO# AO-20051.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: PO# AO-20051.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: [email protected]
- Password: ad%xWZ!7
Targets
- Target: PO# AO-20051.exe
- Size: 1.4MB
- MD5: 3616e8ca06f3bf4b228cf0df374c40e0
- SHA1: c8e04b090579368207a24c6cd191e86a0556379e
- SHA256: 574e8b859713dc8c690e0e1d2a0f6f9277a53582055170b59853b224c6d9434b
- SHA512: c88f8d106bb369ad119ad64f66325bcac2a02e0cd8f802dbffc78f9ee111e5716a6b384c869023a49f25c98c4d6960235ab1443a0f0ffc7f19ac1bd7e4f5c477
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops startup file
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext