General
-
Target
Malware No Po.zip
-
Size
763KB
-
Sample
240518-1b13haha99
-
MD5
7fe38f866bdad793c6d0f3eedcf03a1f
-
SHA1
398ae89ceec7709a59f25430317b2069aad88b10
-
SHA256
6c6c3f47c2cc58b4490093a91b5fbc6ab048fa8ff5a50c7bbfff6c46764e3d66
-
SHA512
79246d3270e75efbf6ec97148740b287863aa4b55ae4b8ae39f048d3079f0b5a3e6e0594b41835188b2ad6d7da001f3b3f50211fb87871a1bfe1a16c6beac84c
-
SSDEEP
12288:IxgXo3qzZL50lWsdjPW1sgETvgqo/ej1WpIQRoJQwV4ZeaIqPgm0gAJTn/yefSgB:IGY3CL50FNPW1BETgf/iWUQwesa9YhKA
Static task
static1
Behavioral task
behavioral1
Sample
Malware No Po.zip
Resource
win10v2004-20240426-en
Behavioral task
behavioral2
Sample
Malware No Po.zip
Resource
win11-20240419-en
Behavioral task
behavioral3
Sample
Oݬ8 8d New Po -7HY00589 RFQ-0424-135 05 -24 pdf.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.oxatis.com
Port: 587
Username: [email protected]
Password: Sog1952
Email To: [email protected]
Targets
-
-
Target
Malware No Po.zip
-
Size
763KB
-
MD5
7fe38f866bdad793c6d0f3eedcf03a1f
-
SHA1
398ae89ceec7709a59f25430317b2069aad88b10
-
SHA256
6c6c3f47c2cc58b4490093a91b5fbc6ab048fa8ff5a50c7bbfff6c46764e3d66
-
SHA512
79246d3270e75efbf6ec97148740b287863aa4b55ae4b8ae39f048d3079f0b5a3e6e0594b41835188b2ad6d7da001f3b3f50211fb87871a1bfe1a16c6beac84c
-
SSDEEP
12288:IxgXo3qzZL50lWsdjPW1sgETvgqo/ej1WpIQRoJQwV4ZeaIqPgm0gAJTn/yefSgB:IGY3CL50FNPW1BETgf/iWUQwesa9YhKA
Score
1/10
-
-
-
Target
Oݬ8 8d New Po -7HY00589 RFQ-0424-135 05 -24 pdf.exe
-
Size
1.0MB
-
MD5
707ff5d813d814fa2989bd8a4664258f
-
SHA1
393439231f83ecbe9aa6a81e74b460e7b7f217a5
-
SHA256
75c221ba937ac5b43e8e44d0e5e311bf7ad7105df44a7b09e073a224e9a7c3a3
-
SHA512
34565d6f74de5f97045afe56aa1d612dc11f02b374a37ae769439984c0a04ecfd748813c081445336d63eaca3eba9a9250d618cdc7b0fa153612faf1187ab3e8
-
SSDEEP
24576:8RUNoVV7+21VERgf/UWgQwoM4tKFMkzl/5A9:8Wqr7++SWf/UW3wNrFzzla9
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer; this sample's extracted config exfiltrates harvested data over SMTP to mail.oxatis.com:587 using the account listed above.
-
Suspicious use of SetThreadContext (overwriting another thread's context is the classic process-hollowing / thread-hijacking step used to run an unpacked payload inside a legitimate host process; when triaging, look for a CreateProcess with CREATE_SUSPENDED followed by WriteProcessMemory, SetThreadContext and ResumeThread on the same target)
-
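As an added example (not part of the sandbox report or of its tooling), the following Python turns the report's hashes and the extracted SMTP config into the two checks a responder would actually run: matching a file on disk against the listed MD5/SHA1/SHA256 values for the zip and the inner executable, and sweeping firewall-style log lines for endpoints that connected directly to mail.oxatis.com:587. The log lines, their format, and the `MAIL_RELAYS` allowlist are constructed for this example and are not from the report.

```python
"""Operationalising the IOCs from the sandbox report above.

Added example, not part of the report: (1) hash a blob and check it
against the MD5/SHA1/SHA256 values listed for the zip and the inner
executable, (2) sweep firewall-style log lines for hosts talking to the
SMTP exfiltration endpoint from the extracted AgentTesla config.
The log lines, their format and the relay allowlist are constructed.
"""
import hashlib
import re
from typing import List, Optional, Tuple

# Hashes exactly as listed in the report.
REPORT_HASHES = {
    "Malware No Po.zip": {
        "md5": "7fe38f866bdad793c6d0f3eedcf03a1f",
        "sha1": "398ae89ceec7709a59f25430317b2069aad88b10",
        "sha256": "6c6c3f47c2cc58b4490093a91b5fbc6ab048fa8ff5a50c7bbfff6c46764e3d66",
    },
    "inner pdf.exe": {
        "md5": "707ff5d813d814fa2989bd8a4664258f",
        "sha1": "393439231f83ecbe9aa6a81e74b460e7b7f217a5",
        "sha256": "75c221ba937ac5b43e8e44d0e5e311bf7ad7105df44a7b09e073a224e9a7c3a3",
    },
}

# Exfiltration endpoint from the extracted AgentTesla config.
EXFIL_HOST = "mail.oxatis.com"
EXFIL_PORT = 587

# Assumed (constructed) internal hosts allowed to submit mail directly,
# e.g. the corporate relay; any other source reaching the host is suspect.
MAIL_RELAYS = {"10.0.0.25"}


def hash_bytes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 hex digests of a blob, keyed like REPORT_HASHES."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256")}


def matches_report(data: bytes) -> Optional[str]:
    """Name of the report entry whose three hashes all match, else None."""
    digests = hash_bytes(data)
    for name, expected in REPORT_HASHES.items():
        if all(digests[alg] == value for alg, value in expected.items()):
            return name
    return None


# Constructed firewall-style lines for the example; not from the report.
CONSTRUCTED_LOG = """\
2024-05-18T13:02:11Z fw ALLOW src=10.0.4.23:51822 dst=203.0.113.10:443 proto=tcp app=https
2024-05-18T13:02:13Z fw ALLOW src=10.0.4.23:51830 dst=mail.oxatis.com:587 proto=tcp app=smtp
2024-05-18T13:03:05Z fw ALLOW src=10.0.0.25:40012 dst=mail.oxatis.com:587 proto=tcp app=smtp
2024-05-18T13:05:40Z fw ALLOW src=10.0.9.7:49212 dst=mail.oxatis.com:587 proto=tcp app=smtp
2024-05-18T13:06:02Z fw ALLOW src=10.0.4.23:51844 dst=mail.oxatis.com:993 proto=tcp app=imap
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+\S+\s+src=(?P<src>[\d.]+):\d+"
    r"\s+dst=(?P<dst>[^:\s]+):(?P<port>\d+)"
)


def find_exfil(lines: List[str]) -> List[Tuple[str, str]]:
    """(timestamp, source IP) for every non-relay host that connected to
    EXFIL_HOST:EXFIL_PORT. Lines that do not parse are skipped."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        if m["dst"].lower() != EXFIL_HOST or int(m["port"]) != EXFIL_PORT:
            continue
        if m["src"] in MAIL_RELAYS:
            continue
        hits.append((m["ts"], m["src"]))
    return hits


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, "->", matches_report(fh.read()) or "no match")
    for ts, src in find_exfil(CONSTRUCTED_LOG.splitlines()):
        print(f"{ts} {src} connected to {EXFIL_HOST}:{EXFIL_PORT}")
```

Run it with one or more file paths to hash them against the report; the log sweep runs over the constructed lines. The exfiltration host is a third-party mail server that the config reaches with an ordinary mailbox account, so blocking the hostname outright may also break legitimate mail for anyone using that provider; the durable signal is a workstation that is not a mail relay submitting mail directly on 587, which is why the sweep keys on source host rather than on the destination alone.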