General
-
Target
PURCHASE LIST.exe
-
Size
590KB
-
Sample
201109-cb475aqk9x
-
MD5
e1f98f7e017936b94cc359e6770e48fe
-
SHA1
786ab55181313dc541041ea827c100a2784f0340
-
SHA256
3f9200a87696897a69831f7935e1b03d57cba602c3af6a526646503ceb47a90a
-
SHA512
b770682bfec89bb98a7ba53f1059802118285c78646d8166ae78f1923490e672bead2e71b0bfefd38e79e8ab41e7e727c60ddf615deedb3e033fe75de1931b7e
Static task
static1
Behavioral task
behavioral1
Sample
PURCHASE LIST.exe
Resource
win7v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: h.hennet@glovadus.com
Password: kvpEP:8:w?z2
Targets
-
Target
PURCHASE LIST.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-