General
Target: FIRST PURCHASE ORDER.exe
Size: 714KB
Sample: 200716-6p52pb6dgx
MD5: dbbac19cfd01ab4e759500a13168a30b
SHA1: 71917c8765aaa6e2869cc1b949bfddf3580457c5
SHA256: fe41fe0b302887f61f20473015f386ab57ddb4cc278b3e1639c07337012a58f4
SHA512: caa08b928acff84a762f64c8c18c332db8f546d003085415560bdc265c3c90953d3e54da5e2031d188beca49e8c891966f8f8de66c8202928045acfd7d80d4ee
Static task: static1
Behavioral task: behavioral1 (sample: FIRST PURCHASE ORDER.exe, resource: win7)
Behavioral task: behavioral2 (sample: FIRST PURCHASE ORDER.exe, resource: win10v200430)
Malware Config
Extracted: agenttesla (SMTP exfiltration settings recovered from the sample)
Protocol: smtp
Host: mail.aquariuslogistics.com
Port: 587
Username: [email protected]
Password: AQL@2019#$
Targets
Target: FIRST PURCHASE ORDER.exe
Size: 714KB
MD5: dbbac19cfd01ab4e759500a13168a30b
SHA256: fe41fe0b302887f61f20473015f386ab57ddb4cc278b3e1639c07337012a58f4
(SHA1 and SHA512 are identical to the values in the General section above.)
AgentTesla
Agent Tesla is an information stealer and remote access tool (RAT) written in .NET (Visual Basic). This sample sends its stolen data over SMTP using the mail server and credentials in the extracted config.
Signatures:
- AgentTesla Payload
- Drops file in Drivers directory (a file write under the System32\drivers tree)
- Adds Run key to start application (persistence through a value under ...\Software\Microsoft\Windows\CurrentVersion\Run)
- Suspicious use of SetThreadContext (redirects a suspended thread's execution, a standard step in process hollowing / RunPE injection of the real payload)
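The extracted SMTP config and the behavioral signatures above are only useful if they become checks an analyst can run. The following added example (not part of the sandbox report or of any Agent Tesla analysis tool) parses the config block exactly as it is laid out on this page and then applies four checks to Sysmon-style events: a connection to the recovered mail host and port, a Run-key write, a file drop under System32\drivers, and a process spawning a copy of its own image. The last check is a heuristic stand-in for the SetThreadContext signature, since SetThreadContext itself does not appear in Sysmon telemetry; the event records are constructed for the example and the rule names are my own.

```python
import re

# The SMTP exfiltration block copied as it appears on the report page
# (constructed copy; the username is redacted on the page and is not needed
# for network detection, which only relies on host and port).
EXTRACTED_CONFIG = """\
Protocol: smtp- Host:
mail.aquariuslogistics.com - Port:
587 - Username:
[email protected] - Password:
AQL@2019#$
"""

CONFIG_KEYS = ("Protocol", "Host", "Port", "Username", "Password")


def parse_config(text):
    """Normalise the flattened 'Key: value - Key: value' block into a dict.

    The sandbox prints the fields separated by ' - ' with line breaks in odd
    places, so the text is first collapsed to one line and then split on the
    known key names.
    """
    flat = " ".join(text.split())
    keys = "|".join(CONFIG_KEYS)
    pattern = re.compile(rf"({keys}):\s*(.*?)(?=\s*-\s*(?:{keys}):|$)")
    cfg = {k.lower(): v.strip() for k, v in pattern.findall(flat)}
    cfg["port"] = int(cfg["port"])
    return cfg


# Windows paths and registry paths are case-insensitive.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
DRIVERS_DIR_RE = re.compile(r"\\System32\\drivers\\", re.IGNORECASE)

# Constructed Sysmon-style events (EventID 1 process create, 3 network
# connect, 11 file create, 13 registry value set). Index 5 is a benign
# Outlook SMTP submission that must not be flagged.
SAMPLE_IMAGE = r"C:\Users\victim\Downloads\FIRST PURCHASE ORDER.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": SAMPLE_IMAGE, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "Image": SAMPLE_IMAGE, "ParentImage": SAMPLE_IMAGE},
    {"EventID": 11, "Image": SAMPLE_IMAGE,
     "TargetFilename": r"C:\Windows\System32\drivers\etc\hosts"},
    {"EventID": 13, "Image": SAMPLE_IMAGE,
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\FIRST PURCHASE ORDER"},
    {"EventID": 3, "Image": SAMPLE_IMAGE,
     "DestinationHostname": "mail.aquariuslogistics.com", "DestinationPort": 587},
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": 587},
]


def detect(events, cfg):
    """Return (rule_name, event_index) hits for the report's signatures."""
    hits = []
    for i, ev in enumerate(events):
        eid = ev.get("EventID")
        if (eid == 3 and ev.get("DestinationPort") == cfg["port"]
                and ev.get("DestinationHostname", "").lower() == cfg["host"].lower()):
            # Exact match on the recovered exfil server: high confidence.
            hits.append(("agenttesla_smtp_exfil", i))
        elif eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            hits.append(("run_key_persistence", i))
        elif eid == 11 and DRIVERS_DIR_RE.search(ev.get("TargetFilename", "")):
            hits.append(("drops_in_drivers_dir", i))
        elif eid == 1 and ev.get("Image", "").lower() == ev.get("ParentImage", "").lower():
            # A process launching a copy of its own image is the usual prelude
            # to SetThreadContext-based hollowing; heuristic, not proof.
            hits.append(("self_spawn_hollowing_heuristic", i))
    return hits


if __name__ == "__main__":
    config = parse_config(EXTRACTED_CONFIG)
    for rule, idx in detect(SAMPLE_EVENTS, config):
        print(f"{rule:32s} event[{idx}] {SAMPLE_EVENTS[idx]['Image']}")
```

The SMTP rule is deliberately narrow: port 587 alone is noisy on hosts running a mail client, so it is only a hit when the destination hostname matches the extracted config; the other three rules are generic and will fire on legitimate installers too, so they are best treated as enrichment for the network hit rather than alerts on their own.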