General
Target: Purchase Order_P2C017400.7z
Size: 792KB
Sample: 210421-s4x52we53a
MD5: aa9a3ddccc0ca7988570e1c28d19d92c
SHA1: 0544760a8ed8f9cb39275507008c5fdeb22a678c
SHA256: 3eae1597c4c58b77e8031b3d272624ec32e16fcfa5095d626925cda7c4846cbd
SHA512: d13c535c061574e0b0304693bdd42416781a6371a9e9bd11c5ef34851c07dc528fa4131aed0603610f65d75a5b8d9e19cd0d064b42dd18edd1664bfff51c941a
Static task
static1

Behavioral task
behavioral1
Sample: Purchase Order_P2C017400.exe
Resource: win7v20210408

Behavioral task
behavioral2
Sample: Purchase Order_P2C017400.exe
Resource: win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: webmail.mdist.us
Port: 587
Username: jg@mdist.us
Password: Jg#4321
Targets
Target: Purchase Order_P2C017400.exe
Size: 1.1MB
MD5: 464f7da3da9b44d00b0c7b5f23e69bcb
SHA1: 669e84965dcfcd23e15f33e4498ef93657ac86b0
SHA256: f39980b6f513345fde2aad18cb790595c8cb64139cb0aa1686d6c4e7c8b24e2b
SHA512: 5a2703ed2f667edec8ce11ed725d1f21af6db67edb32fee7a2ddd342c1e05bb7e352fefd4d1d933eb94fbe99032a09534c5d3d0af6e0739e339b9b2822a62700
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext