General
  Target: _Purchase Order copy.7z
  Size: 1.0MB
  Sample: 210423-6hkg87sxma
  MD5: ca2187e6243fb81d0961a7cf0904ecaf
  SHA1: 282c9be9de4ced8922d2e5e784784fe0ad61dc9b
  SHA256: 9fb53efacb972ea3da3460f7985174efc41d3b8e2f4527aecc57c0404bf4e27e
  SHA512: e211c7a220b2c4dc16c5969eaf88056dcf74d653332b054f99c6561469cdf2be844d2815150fbe56b0b9902cc29920a15b2b982ad20ba5244fca5cbf92086023
Static task: static1

Behavioral task: behavioral1
  Sample: Purchase Order copy.exe
  Resource: win7v20210408

Behavioral task: behavioral2
  Sample: Purchase Order copy.exe
  Resource: win10v20210410
Malware Config
  Extracted: agenttesla
    Protocol: smtp
    Host: webmail.mdist.us
    Port: 587
    Username: jg@mdist.us
    Password: Jg#4321
Targets
  Target: Purchase Order copy.exe
  Size: 1.4MB
  MD5: 1f78302367062565a269db810ef754c2
  SHA1: 69e53724804535362ee687bfa37059f965eb7931
  SHA256: 71e6c949b0e259018b39ad513305c9197afe74c9d68119db8e6e545c74ceedcb
  SHA512: 874815ad70c20b9e33dd09e2701d5b630c8ecb354d42e3bacf3e9864f752274da3db654d3bd29711a47afa73e7f3203c233fc8f1b2bc404d596537e918a2eb06
  - AgentTesla
    Agent Tesla is a remote access tool (RAT) written in Visual Basic.
  - AgentTesla Payload
  - Drops file in Drivers directory
  - Adds Run key to start application
  - Suspicious use of SetThreadContext