General
- Target: cbb5708461a8021f7492766462fed7a13e7157cb51f11e85276bc57b41d23077
- Size: 305KB
- Sample: 220521-nzvt6sedb9
- MD5: 5831c0eb60ab56c7318067e6a318510e
- SHA1: e08ad60ad34bbaea62e6a9d32d9006554b8663a4
- SHA256: cbb5708461a8021f7492766462fed7a13e7157cb51f11e85276bc57b41d23077
- SHA512: 77924bb7d628b848ed6ea8f8c74fd1935b6f8fd9d6b3d96718ea2942ec05093efecd700024f9c7b6278d448b75848721f86d7c41411bc5b953e3bffe0f2ab2d2
Static task: static1
Behavioral task: behavioral1
- Sample: PO NO 00009.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: PO NO 00009.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: ftp
- Host: ftp://b7d38dd3.freetzi.com/
- Port: 21
- Username: b7d38dd3.freetzi.com
- Password: PNzwaBM2ztqp
Targets
- Target: PO NO 00009.exe
- Size: 493KB
- MD5: a78f99ae2ff781bbcdde9ab8d6a0307a
- SHA1: 67c94c2224fbe7a53b97d56edd6dfb04958d5c8e
- SHA256: c3180ff92fcee7ac1aad76d8fe18371a2ae6d0b5bac62da4547cc937dd5f9480
- SHA512: fe8e24e7ecd456959209e7e3d471b50b12b0006e5844c0708952335f9cb86bfe5cd639660d407703a0673e706fba91186fc05e467c6db7fcc83322d6c990e280
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext