General
-
Target
SecuriteInfo.com.Win32.PWSX-gen.5152.22186.exe
-
Size
752KB
-
Sample
221129-jgd2gsce6x
-
MD5
1d67fa81fe2db1c22a732922a0156974
-
SHA1
71c8984a5cfcb1d1fbe918128bb2186d22afa83b
-
SHA256
da0cd9ef9c9d409ee82e7d6e2ac1e06a806c128b2ea97ecc80443ceddbea04ab
-
SHA512
4408c56538bcdcc251118d3fd8c9e5deb752f3c988ce42252782042cf5b3a5e8dc0caa4e4aa1ec398bdb7f471d8397c8647e47ad11a424b2c67b106bc177db10
-
SSDEEP
12288:2mlujzwC3ckxlQ1too9zpC7odQ+6Hrv5AKSfmfRMEalkVYzbbQjevXGhGj:2mlujzwC3xxq1yszpCkfcSfAVVYvbQwz
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.PWSX-gen.5152.22186.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.PWSX-gen.5152.22186.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.akademetre.com
Port: 587
Username: [email protected]
Password: st6473
Targets
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-