General
Target: New Purchase order.LZH
Size: 539KB
Sample: 210423-tw4jszbk3j
MD5: be43036aa7da0cc6dcd6e3a7dba9da83
SHA1: 05ee4c2b7d8219353215534a1755847925981c05
SHA256: 55aaf32909e7d338e399e705c2d2e84ebc2554483643500313036486759ca3ec
SHA512: e89fc67a680cec0664ec62901d26f5f1ea637f1771f86e6f089960bb314420190f65a8bfaa8faa254cbef9f68108c3d5b97606b66089b32c6e00e4b237a248c2
Static task: static1
Behavioral task: behavioral1
  Sample: SAZ404948555.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: SAZ404948555.exe
  Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.itzayanaland.com
Port: 587
Username: newsecurity@itzayanaland.com
Password: 1=9pEelVbzv{
Targets
Target: SAZ404948555.exe
Size: 610KB
MD5: a787cf367bb9eb8f267bd476c9ea0430
SHA1: c358646207892df0a68f72388f9e9e49425521e2
SHA256: 7c48cfcbf8e1ce28755ac72d03f072723dddd1a87eb27756075c7c54cf0129ba
SHA512: 830035663ffc1bbf19faadd3751de310d39eaf199c58b1744183e4a7319171b606129d86844a1bd4be5780ef11df604034ca1e02a3738b3ea4bf38ffb43a0901
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext