General
-
Target
Purchase Order list order no. Hc511Uv7343.iso
-
Size
1.3MB
-
Sample
210728-mkdday95wa
-
MD5
94590d9e0ecb556024be3f4b5cc5bf37
-
SHA1
7e206ef85f65e81d9170cc32338ce0b32fa66e3b
-
SHA256
ea45a8f2cba4a4ce3ce9686f451ec7b846b276825b67824e9a10e6e87c927c6b
-
SHA512
8c300f5646a7f4756f86ded172d3f417628d9d894ca1472f4d22cb70ef6be46233a81066e885ccdf97b178ce0de59388582810eddc5f6850ae3834cc2c36729f
Static task
static1
Behavioral task
behavioral1
Sample
Purchase Order list order no. Hc511Uv7343.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
Purchase Order list order no. Hc511Uv7343.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.mail.com
Port: 587
Username: [email protected]
Password: marcellinus360
Targets
-
Target
Purchase Order list order no. Hc511Uv7343.exe
-
Size
1.2MB
-
MD5
69d72a180cbfcd23ba8e3381f1010600
-
SHA1
2047535b73f5282edee870bd8708edfa41a0828a
-
SHA256
63d8da7fd598da1f01f7fd40da021cf3a205e56efff2377291825c22fe9dfbc1
-
SHA512
cfd30d9fca791b9ef0d9b7e592ba6714f55311a18aba81dedec26b4cd18171f49de0520b3b62026bd7df239a95a1c0ec44a747dc3033bacfe76d5fc6ee066aa6
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Suspicious use of SetThreadContext