General
Target: Purchase Order_104387.ace
Size: 295KB
Sample: 211014-f5eq5sgcd3
MD5: 8511833870ec85c3e1c891d4506c4749
SHA1: 1bb2ac339ea17fd3883f710105e2a5d353815d47
SHA256: 46d767d8823f727ca63f945df7b4f195946718166d4269bc1994f558daa56ce9
SHA512: 7d89bf3db874bd362bb6cbbe16894503e2f22e33c04bfca8daef9b079309635bd5b2faf8dcf5dad4b130f673fba04cfff9f11ad21e402f9dd8334fd022df952a
Static task: static1
Behavioral task: behavioral1
  Sample: Purchase Order_104387.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: Purchase Order_104387.exe
  Resource: win10-en-20210920
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot2017480070:AAEhICR2Yy5NwasA-Cw1qaDJiUj6zxLU08M/sendDocument
Targets
Target: Purchase Order_104387.exe
Size: 10.0MB
MD5: 74bd055b47476e3e151a937dcd4bd3dc
SHA1: 5704a5e3a967a004b30408ed86774cefe6e6de31
SHA256: efaaf6c3c366861beab445a96d8d463d7e461506f86f153acd3e0ed0e635b2b7
SHA512: 981ce06d17ac108de7d7a997c2ca6697e9923968c3c20db81a2224093a5573bf0de48bd0d65db31f1481a22b73ca49ec2b6116acb19e7906f7780b60a5a6de44
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext