General
- Target: PURCHASE ORDER.exe
- Size: 638KB
- Sample: 210727-dg9xnrkc12
- MD5: e458f4c8559099c18a18e5ee20effb62
- SHA1: e453882d7d6e754ee9641ce6fc587a2d2b8e57bd
- SHA256: e9e38da2056d6738c63eceefe9351446dbfe92fd6d8651924875ef97af9efc1d
- SHA512: 32704cc8c326d7d620e2181216bdad82306ef2a62bdae7d038d5ec31d7333b68a5d96dd8c59cedac8050a95867181a8a182ecb8c2dbc36ed6d94cb2eec602df1
Static task: static1
Behavioral task: behavioral1
- Sample: PURCHASE ORDER.exe
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: PURCHASE ORDER.exe
- Resource: win10v20210410
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.qwerrrty.us
- Port: 587
- Username: 1stman@qwerrrty.us
- Password: 4p(N#wZ]=7T98Hu)
Targets
- Target: PURCHASE ORDER.exe
- Size: 638KB
- MD5, SHA1, SHA256, SHA512: identical to the values listed under General above
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext