General
Target: FO16620 REV2..exe
Size: 818KB
Sample: 220930-m39xtsdda8
MD5: 675b413dbeca498c9576f411f9e76f04
SHA1: 1ffec2d04082264a97a6c52e2018e296daa33eb6
SHA256: 3458a12af00a30801c5cc34eaa96c71839fcbb3703a7737294923d093ca155b6
SHA512: 2f8215e0ce2039c3229ecdb2e541d175226391538c76ea19d94195c2a28d616886d222934a82bce485bc80cf8cfa2fa983d7704a26a4072521886728d6a476a9
SSDEEP: 12288:z02iNZA9kfzCJadgNxO8y1aZoBjlpyhUlSFOYuwXp34:w1YYzYigNxO80aylnyGlyOYx94
Static task: static1
Behavioral task: behavioral1
Sample: FO16620 REV2..exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: FO16620 REV2..exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
Protocol: smtp
Host: mail.hemegas.es
Port: 587
Username: [email protected]
Password: @Bastilipo1
Targets
Target: FO16620 REV2..exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext