General
-
Target
PURCHASE_ORDER#648190121.exe
-
Size
708KB
-
Sample
210119-kz5bf1wars
-
MD5
138cb27a71d15bc43984cd355b612dfa
-
SHA1
a51a3fd810e590db92a14dc44ab477c5cbc9a43a
-
SHA256
823ac795c82f035c86b71f68c8e77eea1ef916c77502d78fc2081d3fd660cde0
-
SHA512
e0d52655a0ad6224d7edabc020e5fee9777ff96a8b8e0b664e17a9859d2edfaa583ed85aa11fa10df3900b46ff0ca889d2ba1999b8f0d2f132bfbae32840033b
Static task
static1
Behavioral task
behavioral1
Sample
PURCHASE_ORDER#648190121.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
PURCHASE_ORDER#648190121.exe
Resource
win10v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.truefinesse.co.uk - Port:
587 - Username:
crdett@truefinesse.co.uk - Password:
yes@@@yes23
Targets
-
-
Target
PURCHASE_ORDER#648190121.exe
-
Size
708KB
-
MD5
138cb27a71d15bc43984cd355b612dfa
-
SHA1
a51a3fd810e590db92a14dc44ab477c5cbc9a43a
-
SHA256
823ac795c82f035c86b71f68c8e77eea1ef916c77502d78fc2081d3fd660cde0
-
SHA512
e0d52655a0ad6224d7edabc020e5fee9777ff96a8b8e0b664e17a9859d2edfaa583ed85aa11fa10df3900b46ff0ca889d2ba1999b8f0d2f132bfbae32840033b
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-