General
- Target: a51766265adaa32208a671686118aefe408d6b6dbe059d90721a7f6f655c89e6
- Size: 772KB
- Sample: 241001-bjdvhaxepb
- MD5: 41541aeb73f09ab91430c2af73d87adb
- SHA1: 81cfdcbcec7bd180a45789f61cb5046f752d522d
- SHA256: a51766265adaa32208a671686118aefe408d6b6dbe059d90721a7f6f655c89e6
- SHA512: a0a8736fbf7f82432308101b582381d437ca67c3499cfdfa0f42846d2de2aa7c0622192bfafaff764628cda71f7059b310949437cfd60deac0d8f9d004804665
- SSDEEP: 24576:2EwNrLI9DrDipUzlbRyHzurRYdj2w9J2IUq7QN/wNJ:2EoLmDrDZlbEz2RYdj2m7QN/2J
Static task: static1
Behavioral task: behavioral1
- Sample: POLSKA ORDER.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: POLSKA ORDER.exe
- Resource: win10v2004-20240802-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.agaliofu.top
- Port: 587
- Username: [email protected]
- Password: QPS.6YYl.Yi=
- Email To: [email protected]
Targets
- Target: POLSKA ORDER.exe
- Size: 1.1MB
- MD5: be568e9ada4c30192e3c7cd70832c0fe
- SHA1: 3a968539500ff66264094a1b3602ff968f0ea5e3
- SHA256: 4e6003b77cd84ef993df8a6d25b84af2ea485ec61c501b77dde3891ecf2ca2a5
- SHA512: 4f371de0f5acbb2996df2d7647a256b34ca2079a96cc81fc8610c87edc450b5c17776eb5b673aceca20b9e091f6df2c578bae63c124f4611bf1e223e1cac9a2b
- SSDEEP: 24576:rfmMv6Ckr7Mny5QUDNxl3J3fgORq3Xbmb7R4k6YUzL:r3v+7/5QUDzl94Oem+k+zL
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext