General
-
Target
51198799f4705842d5879c1ac0ccc8f5
-
Size
251KB
-
Sample
220927-yzj3safeeq
-
MD5
51198799f4705842d5879c1ac0ccc8f5
-
SHA1
3c9c45e7ee9df110fa7a29cd78748721e3083fdd
-
SHA256
7a1fb4cce19327a1cd6aecd31f14f0cb0a489e0d0a8329ae90517279bc11fd10
-
SHA512
daa86a14391daa4abaaae80f02410eb2067dcdf102bb7a8d568efa065c574e5c462d5bc1204394833556a2e79ee520b07db62484bdcafcd85a4619f07382e8b9
-
SSDEEP
6144:Fd6MRVXlDp2IokkdRebXPrkkH6NxjU4VxHJpac8Gwj:P5RVXlkIokkrQPfHGxj5G
Static task
static1
Behavioral task
behavioral1
Sample
Payment PO-2062409102_GTE_2022.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Payment PO-2062409102_GTE_2022.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.nutiribio.com - Port:
587 - Username:
[email protected] - Password:
zGNVO(l5
Targets
-
-
Target
Payment PO-2062409102_GTE_2022.exe
-
Size
233KB
-
MD5
e81987197d93779970db5d289aa37a98
-
SHA1
9ea755dadf00a2305bde1813f05dd20c9d9739a5
-
SHA256
8c7a7cd8e6e436f78fffcb7fcdc970a98dbdb2fa8a784d81b3efd7c3fd4e25b1
-
SHA512
e102e6c653de57474f74d468cd489eed05336c1196bb007b2da4840df491391e620cd5d533ba3f1f01ec6edbf129005466ccb4565e97655e155c17b83fe78fb5
-
SSDEEP
6144:SGoH0faCCduMU9YrSVIxPLp7drKBKa5Wj:/MlVMVKs0PL9hKpw
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-