General
Target: 8e58d31291e3928f6460f5445134b6058bc2341f072562f94d579707c72347fd
Size: 584KB
Sample: 220521-n16casedg6
MD5: 946eca0506d6a069fa3f07701bd6f874
SHA1: 2f29edae552478c0b02c3232aa382af405e5b32a
SHA256: 8e58d31291e3928f6460f5445134b6058bc2341f072562f94d579707c72347fd
SHA512: 25b6cb455f4b4b10d9be40c331ee51373981349e7f3690c90432cb756095c1d089ef7cc814aef9bc78b7483c6f54ce74f210be740402619c95fe92d32eea4ae2
Static task: static1
Behavioral task: behavioral1
Sample: New PO.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: New PO.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.gascuenca.es
Port: 587
Username: [email protected]
Password: gasW203@Z7
Targets
Target: New PO.exe
Size: 1.1MB
MD5: e99872e364713d510326fa82f740264d
SHA1: 2a972af33190859791109c4863d5dac0428b7c96
SHA256: be97c3f71385314e1d4da565788beba4633afd5d41c1a58eb3600b420becc747
SHA512: 2df3982d0c867bb3e1598fe97d091488ded78f54ea372a3e0458c72652ae4b53fc07395924e741d5a5e59283c0159801777deb1f9577a88e1659e693b302ecc8
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext