General
- Target: Purchase Order_P2C017400.exe
- Size: 1.1MB
- Sample: 210421-ct7vfgpdf6
- MD5: 464f7da3da9b44d00b0c7b5f23e69bcb
- SHA1: 669e84965dcfcd23e15f33e4498ef93657ac86b0
- SHA256: f39980b6f513345fde2aad18cb790595c8cb64139cb0aa1686d6c4e7c8b24e2b
- SHA512: 5a2703ed2f667edec8ce11ed725d1f21af6db67edb32fee7a2ddd342c1e05bb7e352fefd4d1d933eb94fbe99032a09534c5d3d0af6e0739e339b9b2822a62700
Static task: static1
Behavioral task: behavioral1
- Sample: Purchase Order_P2C017400.exe
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: Purchase Order_P2C017400.exe
- Resource: win10v20210410
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: webmail.mdist.us
- Port: 587
- Username: jg@mdist.us
- Password: Jg#4321
Targets
- Target: Purchase Order_P2C017400.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext