General
Target: SecuriteInfo.com.Win32.PWSX-gen.3512.499.exe
Size: 817KB
Sample: 221129-w6ltvaha91
MD5: f976242274e3a8b6859f43212321e5cd
SHA1: 4de5d552dd1a3a7e2eb57a831d1819ada42b53ae
SHA256: 49aa45b9a4eb9642dc458e079196600823bc99b49c9003b4327261ba47b3ae7d
SHA512: de657d8cb7ee401139a414964c333053bc6570e1d29b4125cdc440dc61637b0597ee4c1bb0eafd5a8855727bc6089430e3b80c457c6c5a19ce1ef2f769957b80
SSDEEP: 12288:oOvpYqjMN+3gYffB411R77TeB3EqcDFRLJtXsxFXynzw5tkD3twn:3Yqy+t8N7qNEtFRLJtXsxkc5aD9
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Win32.PWSX-gen.3512.499.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Win32.PWSX-gen.3512.499.exe
  Resource: win10v2004-20220901-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.obynnehhhan.com
Port: 587
Username: info2@obynnehhhan.com
Password: G$MUuYG3
Targets
Target: SecuriteInfo.com.Win32.PWSX-gen.3512.499.exe
Family: AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures:
- AgentTesla payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext