General
Target: PO 5326976.exe
Size: 320KB
Sample: 230328-caxfxsgd38
MD5: 3e156414a3514dc7228eb4ff71f0c730
SHA1: 8f5929d4b6dac662c5044b9ae372bd1e3b13fd1d
SHA256: af9516862a7fd0fc54b7979064e75a5a8d1aa908ece62eec5900581ca90bd339
SHA512: 7eedb72e9a90840de075028904b250852f33e13388cb97e283dbe8ae6f69d01db1fc9526a46c67f2610263a88ebd1f89b3d6cef86902419d8ff8913df8ce39f0
SSDEEP: 6144:/Ya6dCELRWDCnUWTrucf1Kwkb3v04WSIEwi8tgFC:/Y/CAB3FFkb37WSAjes
Static task: static1
Behavioral task: behavioral1 (Sample: PO 5326976.exe; Resource: win7-20230220-en)
Behavioral task: behavioral2 (Sample: PO 5326976.exe; Resource: win10v2004-20230220-en)
Malware Config
Targets
Target: PO 5326976.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext