General
Target: 7fcc7dbe57a4045b1566788a242f89dfe4d971d63e7154b6e697b848594eff26
Size: 554KB
Sample: 220521-pwakhagaf8
MD5: e988fe354986a1b9f4af998f6dd0ab56
SHA1: 11f7c99f34bd92158450da0b282b15cb7ac2ccb6
SHA256: 7fcc7dbe57a4045b1566788a242f89dfe4d971d63e7154b6e697b848594eff26
SHA512: b731b3d080edb28ebc0347f252d7d852671e8c208f6b65f089a85027d82e12531d63d559417093536ff9bffe0d1d65c5feebf782c53644dca7454d2f2e51ac3b
Static task: static1
Behavioral task: behavioral1
Sample: PO-Jiehong20959481.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: PO-Jiehong20959481.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: admin@mafo.cc
Password: success21
Targets
Target: PO-Jiehong20959481.exe
Size: 665KB
MD5: ff286368558ae7854524c438ad15702b
SHA1: d15e322714b7c85266ea053c535ff73f4349476a
SHA256: b642527e686b781a602fb322e7d34d0f18748778de42a0e3774d9990a71e2c92
SHA512: cc97e0232e3537929c8ba50eabb2f61ecc0cb29faac8ed970fd632a8784d4c789b3964f5a141d98667bf8379846b281bda0f0c29d872a50a3612d513de572f96
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-