General
Target: Purchase Oder.exe
Size: 430KB
Sample: 200712-wsg4xgfhgs
MD5: baaf22c14b3b7f5a5a67d02abf6fce2f
SHA1: 19da6834ac6d6a107ffb7623ba1147eb362e5db4
SHA256: ca38289752e799523d0031fd56900abe2f43d0c2c0eee48f010728c6a22959ff
SHA512: 33d6d910d04a9ea6368ca652df791ff7d576c129befff5e03c1ca2f8bc78e30913e79629c850e141a70522bbd7e3d7e64a703e30487d56c67487b21111b2b2c2
Static task: static1
Behavioral task: behavioral1
- Sample: Purchase Oder.exe
- Resource: win7
Behavioral task: behavioral2
- Sample: Purchase Oder.exe
- Resource: win10v200430
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.tsa.ae
- Port: 587
- Username: tsabmw@tsa.ae
- Password: HbtBd3(_ZSvL
Targets
Target: Purchase Oder.exe
Size: 430KB
MD5: baaf22c14b3b7f5a5a67d02abf6fce2f
SHA1: 19da6834ac6d6a107ffb7623ba1147eb362e5db4
SHA256: ca38289752e799523d0031fd56900abe2f43d0c2c0eee48f010728c6a22959ff
SHA512: 33d6d910d04a9ea6368ca652df791ff7d576c129befff5e03c1ca2f8bc78e30913e79629c850e141a70522bbd7e3d7e64a703e30487d56c67487b21111b2b2c2
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext