General
Target: Purchase Order dt 18.19. 2021.zip
Size: 101KB
Sample: 211019-d4r9qsgahq
MD5: a743f1e15a9b879774f514c847b01692
SHA1: 94835fab270ff1a648e5fc766319d03a5bb9c115
SHA256: 77d9c6cab92d3f2ab2a99f1f6fc4a2e573b0589d7b524b6d79ae573fffaf0de3
SHA512: ebae861e3c8d6d70bcda091141bd5dfc62dd5698e68701a56314fcb7c3d74b0046739eb14fb98cd02e49902ea1d6a249ddf4154571ed6a0e59330afaf89bf510

Static task
static1

Behavioral task
behavioral1
Sample: Purchase Order dt 18.19. 2021.exe
Resource: win7-en-20210920

Behavioral task
behavioral2
Sample: Purchase Order dt 18.19. 2021.exe
Resource: win10-en-20211014

Malware Config
Extracted
Family: agenttesla
Exfiltration endpoint: https://api.telegram.org/bot1481923647:AAGiBTAuCt4mxLt_RWPYNlSpw01yplTkoZI/sendDocument
The extracted value is a Telegram Bot API URL. The path segment after "bot" is the bot token (bot id 1481923647 followed by the secret), and sendDocument is the Bot API method that uploads a file, so the stealer exfiltrates harvested data as a document attachment to the attacker's chat. Treat the token and any api.telegram.org traffic from the infected host as indicators. Because the Bot API is served over HTTPS, the full URL (and therefore the token) is only visible with TLS inspection or from a host-side capture; a plain proxy or firewall log shows no more than a CONNECT to api.telegram.org:443.

Targets
Target: Purchase Order dt 18.19. 2021.exe
Size: 129KB
MD5: 2797c66fef6b7a39fa7333cca468eb02
SHA1: 7b15eb0f0725320b7f0ef32acd1535255b89bc2b
SHA256: 9cca70423e0b22c6ffa39388a06346804a869e392cdf0cbe7ec9905db30bbcf3
SHA512: aa0c9f8f595068a1ef9dcb5273fe69bade86dc2aaab148b1bcdd86321987075b6529bf888c65317c7a492315314101036dbbf1da9275af5597df128031828eb3

Signatures
AgentTesla
Agent Tesla is an information-stealing remote access trojan (RAT) written for the .NET framework (originally in Visual Basic .NET). It harvests saved credentials from browsers, mail and FTP clients and exfiltrates them over SMTP, FTP or, as in this sample, the Telegram Bot API.
suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Both Emerging Threats rules fire on an HTTP request for an executable with a very short or terse alphanumeric file name, the usual shape of a second-stage payload download; they correspond to the "Downloads MZ/PE file" behavior below.
AgentTesla Payload
Downloads MZ/PE file
Accesses Microsoft Outlook profiles (the stealer reads stored mail-account settings and credentials from the Outlook profile registry keys under the current user's hive)
Suspicious use of SetThreadContext (rewriting another thread's context is the characteristic step of process hollowing / RunPE-style injection, where the unpacked payload is written into a suspended process and its entry point redirected before the thread is resumed)
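
The two things a responder does with a report like this are (a) confirm whether a file in hand is the reported sample, using the hashes in the General and Targets sections, and (b) look for the Telegram exfiltration channel in network telemetry. The Python below is an added example (not part of the sandbox report or of any Triage tooling) that does both: it computes the four digests the report lists and matches the SHA-256 against the reported values, and it parses Telegram Bot API URLs to pull out the bot id, token and method, then scans proxy log text for them. The squid-style log lines are constructed for the example; 10.0.0.17 is a hypothetical infected host and the 203.0.113.0/24 addresses are documentation-range placeholders. The only real indicator in the code is the bot URL copied from the Malware Config section above.

```python
"""
IOC checks for the AgentTesla report above: hash matching and detection of
Telegram Bot API exfiltration in proxy logs.
Added example, not part of the sandbox report; the log lines are constructed.
"""
import hashlib
import re

# SHA-256 values copied from the report: the ZIP container and the inner .exe.
REPORTED_SHA256 = {
    "77d9c6cab92d3f2ab2a99f1f6fc4a2e573b0589d7b524b6d79ae573fffaf0de3": "Purchase Order dt 18.19. 2021.zip",
    "9cca70423e0b22c6ffa39388a06346804a869e392cdf0cbe7ec9905db30bbcf3": "Purchase Order dt 18.19. 2021.exe",
}

# Telegram Bot API URL shape: https://api.telegram.org/bot<numeric id>:<secret>/<method>
# The whole "<id>:<secret>" string is the bot token; sendDocument uploads a file.
TELEGRAM_BOT_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{20,})/(?P<method>[A-Za-z]+)"
)

# Bot API methods that carry a file upload (the exfil shape seen in this sample).
FILE_UPLOAD_METHODS = {"sendDocument", "sendPhoto", "sendVideo", "sendAudio"}


def parse_telegram_bot_url(text):
    """Return bot id, full token and API method for the first Bot API URL in text, or None."""
    m = TELEGRAM_BOT_RE.search(text)
    if not m:
        return None
    return {
        "bot_id": m["bot_id"],
        "token": f"{m['bot_id']}:{m['secret']}",
        "method": m["method"],
        "uploads_file": m["method"] in FILE_UPLOAD_METHODS,
    }


def hash_bytes(data):
    """The four digests the report lists, computed over the file contents."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def match_reported_sample(data):
    """Name of the reported sample whose SHA-256 matches `data`, or None."""
    return REPORTED_SHA256.get(hash_bytes(data)["sha256"])


def find_telegram_exfil(log_text):
    """Scan proxy log text for Telegram Bot API use.

    A full bot URL (visible only with TLS inspection or from a host-side
    capture) is a high-confidence hit and yields the token. A bare CONNECT to
    api.telegram.org is a low-confidence hit that needs host context, since
    legitimate Telegram clients talk to the same name.
    """
    hits = []
    for line in log_text.splitlines():
        if "api.telegram.org" not in line:
            continue
        parsed = parse_telegram_bot_url(line)
        if parsed:
            hits.append({"confidence": "high", "line": line, **parsed})
        else:
            hits.append({"confidence": "low", "line": line})
    return hits


# Constructed squid-style access.log lines (not from the report). 10.0.0.17 is the
# hypothetical infected host; 203.0.113.x are documentation-range placeholder IPs.
SAMPLE_PROXY_LOG = """\
1634630000.123 45 10.0.0.17 TCP_TUNNEL/200 4128 CONNECT api.telegram.org:443 - HIER_DIRECT/203.0.113.10 -
1634630001.456 78 10.0.0.17 TCP_MISS/200 512 POST https://api.telegram.org/bot1481923647:AAGiBTAuCt4mxLt_RWPYNlSpw01yplTkoZI/sendDocument - HIER_DIRECT/203.0.113.10 application/json
1634630002.789 12 10.0.0.23 TCP_MISS/200 2048 GET https://example.com/index.html - HIER_DIRECT/203.0.113.20 text/html
"""

if __name__ == "__main__":
    for hit in find_telegram_exfil(SAMPLE_PROXY_LOG):
        print(hit["confidence"], hit.get("token", "(token not visible)"), hit["line"][:70])
```

Run as-is it prints one low-confidence hit for the CONNECT line and one high-confidence hit carrying the token from the report. To check a file against the report, read it as bytes and call match_reported_sample; note that the ZIP and the extracted .exe have different hashes, so hash whichever artifact you actually hold. The low/high split is deliberate: blocking or alerting on every CONNECT to api.telegram.org will page you on ordinary Telegram desktop users, whereas a bot-token URL in decrypted traffic, or the token string itself in a memory or config dump, is specific to this campaign.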