General
Target: c6c67563bb67ae512695356bf12e3eed7a52da8dab9a6b7fc367372e647f616e
Size: 444KB
Sample: 220521-pftnfafca2
MD5: 60779fd2a6123ab393e4c4c25b7d36a8
SHA1: f9642bccde751d21efbedc162567399221920aa7
SHA256: c6c67563bb67ae512695356bf12e3eed7a52da8dab9a6b7fc367372e647f616e
SHA512: adacb9f7aebb1a1196792fdab89a47b8d584bfdb6842588edbfd1423dbb7e28e53666fbba14fbfb3ab3d77a038436661e6036015ba4f648fabacd77f50aa9d9c
Static task: static1
Behavioral task: behavioral1
Sample: PO105498-A.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: PO105498-A.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: wandony@intarscan.org
Password: church12@@
Targets
Target: PO105498-A.exe
Size: 519KB
MD5: 29dca28c8209a5bd4d46bf3c48e3e2ad
SHA1: 54e871b99718503cda70f9be66095f2147e8bde3
SHA256: 9342de1250a6b83e6f968614a6f69fabcf7df41ddcb7b5f9a4a0bab094ab7d16
SHA512: 8ca849f89021f9a3c5d47249b180359003ded4ada23beffea409386c44f6d228bd6957906c4cd1bf02be9b4d43e9b5cba5b22853c52d0865e407cb1bf7ddfbc8

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

CoreEntity .NET Packer
CoreEntity is a .NET packer that embeds the payload as a Bitmap object, which is later decrypted.

AgentTesla Payload

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext