General
-
Target
Required Purchase Order refe 73892000181901.exe
-
Size
636KB
-
Sample
210511-pk7vhvjd3n
-
MD5
551959b052a519efe0423cabf7d929aa
-
SHA1
49f73dedd4798c7932e16ecaefb5a4c05a44c012
-
SHA256
7f046625d94dd2d644426aa367b9dd655094a6eeb17a71554a8aa485ea74d6be
-
SHA512
e94ec24f4ee5804fa4309617aa7df61d50200b1a576c5e69f67e4c25a10d8db0b853b1730ff13e47dfd3cd125a2c85db1f55c09c04dd0bfb3b017892f2e67f75
Static task
static1
Behavioral task
behavioral1
Sample
Required Purchase Order refe 73892000181901.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
Required Purchase Order refe 73892000181901.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.basariotomotive.com/
Port: 21
Username: loguru@basariotomotive.com
Password: CrYBE.}*Igsm
Targets
-
-
Target
Required Purchase Order refe 73892000181901.exe
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-