General
Target: PO- 220135.exe
Size: 1.1MB
Sample: 240912-ggvywstgme
MD5: f3b6edc157a9bf4739a2cd81ef965f42
SHA1: 39b19c8d3b2dc0011b48b577934856f5ecc82018
SHA256: e7c841bd477f348f63837d9a22dd98f214912483681d62383d2a5636ec98411a
SHA512: d7236c3d42f2b72b281404c44ec67dce17f190c38d6ec7a00c220070a3993bef83828229f0112ee3a69a29810336d779ca1c317138b667291c267522edbf2300
SSDEEP: 24576:y4lavt0LkLL9IMixoEgeaLs6rB4RLBugOxA2mq9MmCS:lkwkn9IMHeaLQLBugOSdaPCS
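Before working from this report, confirm that the file on disk is the sample it describes. The script below is an added example written for this page, not part of the sandbox report or its tooling; it embeds the digests from the General section above and reports which algorithms disagree. SSDEEP is left out because it needs a third-party package (such as `ppdeep`) rather than the standard library; compare the fuzzy hash with the `ssdeep` tool instead. Pin on SHA256 rather than MD5 or SHA1, which are collision-prone.

```python
import hashlib
import sys

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digests listed in this report's General section.
REPORT_HASHES = {
    "md5": "f3b6edc157a9bf4739a2cd81ef965f42",
    "sha1": "39b19c8d3b2dc0011b48b577934856f5ecc82018",
    "sha256": "e7c841bd477f348f63837d9a22dd98f214912483681d62383d2a5636ec98411a",
    "sha512": "d7236c3d42f2b72b281404c44ec67dce17f190c38d6ec7a00c220070a3993bef"
              "83828229f0112ee3a69a29810336d779ca1c317138b667291c267522edbf2300",
}


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory sample with every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Digest a file in chunks so large samples are not loaded into memory at once."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def mismatches(actual: dict, expected: dict) -> list:
    """Return the algorithms whose digest differs from the report; [] means the file matches."""
    return sorted(alg for alg in expected
                  if actual.get(alg, "").lower() != expected[alg].lower())


if __name__ == "__main__":
    # Usage: python verify_sample.py "PO- 220135.exe"   (file name is the report's target)
    computed = hash_file(sys.argv[1])
    bad = mismatches(computed, REPORT_HASHES)
    for alg in ALGORITHMS:
        print(f"{alg:6} {computed[alg]}  {'MISMATCH' if alg in bad else 'ok'}")
    sys.exit(1 if bad else 0)
```

A non-empty mismatch list means you are holding a different file (a repacked variant, a truncated download, or the wrong attachment), and none of the behavioural findings below should be assumed to apply to it.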
Static task: static1
Behavioral task: behavioral1 (sample PO- 220135.exe, resource win7-20240704-en)
Behavioral task: behavioral2 (sample PO- 220135.exe, resource win10v2004-20240802-en)
Malware Config
Targets
Target: PO- 220135.exe
Size: 1.1MB
MD5: f3b6edc157a9bf4739a2cd81ef965f42
SHA1: 39b19c8d3b2dc0011b48b577934856f5ecc82018
SHA256: e7c841bd477f348f63837d9a22dd98f214912483681d62383d2a5636ec98411a
SHA512: d7236c3d42f2b72b281404c44ec67dce17f190c38d6ec7a00c220070a3993bef83828229f0112ee3a69a29810336d779ca1c317138b667291c267522edbf2300
SSDEEP: 24576:y4lavt0LkLL9IMixoEgeaLs6rB4RLBugOxA2mq9MmCS:lkwkn9IMHeaLQLBugOSdaPCS
- AgentTesla
Agent Tesla is a .NET-based (VB.NET/C#) remote access tool (RAT) and information stealer; it is often described as "written in Visual Basic", but what ships is a .NET assembly. Its main job is harvesting saved credentials from browsers, mail clients and other applications and exfiltrating them, and a purchase-order-themed file name like "PO- 220135.exe" is its usual email lure.
- Credentials from Password Stores: Credentials from Web Browsers (MITRE ATT&CK T1555.003)
Malicious access to, or copying of, a web browser credential store, for example Chromium's "Login Data" SQLite database or Firefox's logins.json and key4.db.
- Accesses Microsoft Outlook profiles
Reads the Outlook profile data under HKCU\Software\Microsoft\Office\<version>\Outlook\Profiles, which holds account settings including stored mail-server passwords. For an executable that is not a mail client this is credential harvesting, not normal behaviour.
- Suspicious use of SetThreadContext
SetThreadContext rewrites another thread's register state, including its instruction pointer. Outside debuggers it is characteristic of process hollowing and similar injection (ATT&CK T1055.012): the payload is written into a process created suspended, the main thread's context is pointed at it, and the thread is resumed, so the malicious code runs under a legitimate process name.
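The three behavioural signatures above are all recognisable from an API trace. The script below is an added example, not the sandbox's signature engine or any code from this report: it runs three small rules over a constructed trace in a made-up "pid|api|key=value,..." format (the process names, handles and paths in it are invented sample input). The SetThreadContext rule is deliberately an ordered per-process chain (suspended CreateProcess, WriteProcessMemory, SetThreadContext, ResumeThread) so that a lone SetThreadContext, which a debugger also issues, is not reported; the Outlook and browser rules match the registry path and credential-store file names described above.

```python
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit

# Constructed API trace in a hypothetical "pid|api|key=value,..." format; this is
# invented sample input, not the sandbox's real output, and names/handles are made up.
TRACE = r"""
2140|CreateProcessW|lpApplicationName=C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe,dwCreationFlags=0x00000004
2140|WriteProcessMemory|hProcess=0x2a4,lpBaseAddress=0x00400000
2140|SetThreadContext|hThread=0x2a8
2140|ResumeThread|hThread=0x2a8
2140|RegOpenKeyExW|hKey=HKEY_CURRENT_USER,lpSubKey=Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
2140|NtCreateFile|FileName=C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
2140|NtCreateFile|FileName=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default\logins.json
3308|SetThreadContext|hThread=0x1f0
"""

# Process hollowing as an ordered per-process chain: create suspended, overwrite the
# image, repoint the main thread with SetThreadContext, then resume it.
HOLLOW_CHAIN = ("CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread")
OUTLOOK_PROFILE_RE = re.compile(r"Software\\Microsoft\\Office\\\d+\.\d+\\Outlook\\Profiles", re.I)
BROWSER_CRED_RE = re.compile(r"\\(Login Data|logins\.json|key4\.db|signons\.sqlite)$", re.I)


def parse_trace(text):
    """Turn the trace into (pid, api, {arg: value}) tuples."""
    events = []
    for line in text.strip().splitlines():
        pid, api, argstr = line.split("|", 2)
        events.append((int(pid), api, dict(re.findall(r"(\w+)=([^,]*)", argstr))))
    return events


def detect(events):
    """Map signature name -> sorted list of pids that triggered it."""
    hits = defaultdict(set)
    progress = defaultdict(int)  # how far each pid has got through HOLLOW_CHAIN
    for pid, api, args in events:
        step = progress[pid]
        if step < len(HOLLOW_CHAIN) and api.startswith(HOLLOW_CHAIN[step]):
            flags = int(args.get("dwCreationFlags", "0"), 16)
            # Only a suspended create starts the chain; the lone SetThreadContext
            # from pid 3308 in the trace never gets past step 0 and is not reported.
            if step > 0 or flags & CREATE_SUSPENDED:
                progress[pid] = step + 1
                if progress[pid] == len(HOLLOW_CHAIN):
                    hits["Suspicious use of SetThreadContext"].add(pid)
        if api.startswith("RegOpenKeyEx") and OUTLOOK_PROFILE_RE.search(args.get("lpSubKey", "")):
            hits["Accesses Microsoft Outlook profiles"].add(pid)
        if api == "NtCreateFile" and BROWSER_CRED_RE.search(args.get("FileName", "")):
            hits["Credentials from Web Browsers"].add(pid)
    return {name: sorted(pids) for name, pids in hits.items()}


if __name__ == "__main__":
    for name, pids in detect(parse_trace(TRACE)).items():
        print(f"{name}: pids {pids}")
```

On the constructed trace all three signatures fire for pid 2140 only. The chain rule is the one to tune: a real sandbox also sees NtUnmapViewOfSection, NtWriteVirtualMemory and Wow64SetThreadContext variants, and an implant that uses a fresh thread via CreateRemoteThread instead of SetThreadContext needs its own rule.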