General
-
Target
Purchase Order 5390.exe
-
Size
439KB
-
Sample
210215-m368w576ye
-
MD5
09ee0caf424df3b1070a23913fe3d016
-
SHA1
75edbc9eff06d5d15c907338c24ed6c2fcf58d61
-
SHA256
2732029a466cf6c066f468d43b058d2ccda9d0681f73e22f091bd2cf6372c9b1
-
SHA512
0d996f5ed0748fd8322ff7adbacd54f7b0f66f0b8d5944ab42eb2a5166e00aef074155f00a45cc00f8d576f2e87071a68c8ec111cf07b5477c77b94448519f87
Static task
static1
Behavioral task
behavioral1
Sample
Purchase Order 5390.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Purchase Order 5390.exe
Resource
win10v20201028
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot1463238323:AAGtI1JM_Kj38d1Y2cvi15DJ_j42pVQvMNI/sendDocument
Targets
-
-
Target
Purchase Order 5390.exe
-
Size
439KB
-
MD5
09ee0caf424df3b1070a23913fe3d016
-
SHA1
75edbc9eff06d5d15c907338c24ed6c2fcf58d61
-
SHA256
2732029a466cf6c066f468d43b058d2ccda9d0681f73e22f091bd2cf6372c9b1
-
SHA512
0d996f5ed0748fd8322ff7adbacd54f7b0f66f0b8d5944ab42eb2a5166e00aef074155f00a45cc00f8d576f2e87071a68c8ec111cf07b5477c77b94448519f87
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-