General
Target: ea936b93678cf990f6cb8b9237dcb9b4b0e116bdef77c833be6c4982a5dbfcd3
Size: 415KB
Sample: 220521-nyr2wshdgm
MD5: 62d6a932c359f2601d3623b4529ae567
SHA1: 1f475dcd05a7ad3aea2046e16324f2e86cb0f7b8
SHA256: ea936b93678cf990f6cb8b9237dcb9b4b0e116bdef77c833be6c4982a5dbfcd3
SHA512: 175ca9046b2f55364347a4d06d6e9df4ad027597d24bae268bb3d351ef0e0a9b5ccb53d7a1d5a90729112fa9feee34b38480f38f9a3c9c984e693c4f3931ea3f
Static task: static1
Behavioral task: behavioral1
  Sample: PO Copy No.ASPO392020.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: PO Copy No.ASPO392020.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.framafilms.com
  Port: 587
  Username: framafilmsint@framafilms.com
  Password: lister11
Targets
Target: PO Copy No.ASPO392020.exe
Size: 651KB
MD5: 59b7349d2dced1f7892982c2968598ea
SHA1: bbe762cd13a63cba482e97a9661eeb5ef30fcc1a
SHA256: ab7a9784eae0a5f3053cc22117b99f99e5a3e751b0ad402d7d1da3f48e48f8db
SHA512: 00d6170582700980e971a59d1562baf531efa562dd25b40a36e57d3994ade90c396913c035208facb03196c1e9c306209e0e123b663b55ea7a476fe867421ffd
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Signatures:
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext