General

Target: SecuriteInfo.com.Win32.PWSX-gen.16745.exe
Size: 1000KB
Sample: 221003-e7874agcc6
MD5: 4291bd1e611bd5a4862392229386151d
SHA1: 6e1f7d19ef89dc72d1d8d6defc06ab58e9553962
SHA256: 3b84b73506255cc004a7d907f244a6c4394adea87102125d1d5d44ea4857008b
SHA512: 8d576ac5fb0f8c6c89c47196ff6f189b38efde99bafedf4ab4ae21ad9d33e7cf38566d77d4f00ae40e3ac4ea9f4356e8c2784c5cc54237337d673b51a367e898
SSDEEP: 12288:OahrK4HTNv+z/MUH3RTh3RFd0b2+PT4loGXGt0cJexX9nv8nXk:PSMUHh9hFd0RPNGUWv8n
Static task: static1

Behavioral task: behavioral1
Sample: SecuriteInfo.com.Win32.PWSX-gen.16745.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: SecuriteInfo.com.Win32.PWSX-gen.16745.exe
Resource: win10v2004-20220812-en
Malware Config

Extracted family: agenttesla
Protocol: smtp
Host: smtp.phossphea.com
Port: 587
Username: marou.ouerghi@phossphea.com
Password: EpP@%mB2
Targets

Target: SecuriteInfo.com.Win32.PWSX-gen.16745.exe
Score: 10/10

Signatures:
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla payload
Suspicious use of SetThreadContext