General
Target: 2aec1e691467e7f75f78a1a7aab2568d133e8df7bb96d696394476804614a044
Size: 541KB
Sample: 220521-nfq2waggej
MD5: 8ab065e5cea4ce9c856b97a2a9221a4a
SHA1: aa2a1466b15e4b1c0d5b49d21176d3ea2962e3ed
SHA256: 2aec1e691467e7f75f78a1a7aab2568d133e8df7bb96d696394476804614a044
SHA512: ce78b395712688a85ba2e963f641a37cbd5b6204bfe39f7ecf1b8d31cdab439735222f8a896032f37d8cc079a5dc7189b8b61a4d167bfedc85131c4772cd117f
Static task: static1
Behavioral task: behavioral1
Sample: Order-Po 463922900000.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Order-Po 463922900000.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: aboy_origin@originloger.com
Password: X3Sg3$?fl?ro
Targets
Target: Order-Po 463922900000.exe
Size: 745KB
MD5: 5c471fd2fb9617ba41ab6a23eac80e0b
SHA1: aed65f0cb088517c57e6f2ff3187b812c74fce32
SHA256: cfdbaad170a7847c77fedbe9535a37a6d1107259c8e80f2c7e04a6b2895e86e9
SHA512: d10c7d9f128080efb8f0a4278fe75fc9505ddff829e96e3559c5ae86c37e3da512b763d826c6843030e145608c17e72437b4bcefa698d4b8b96a7fc98d4178a3
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext