General
Target: Purchase Order PDF.exe
Size: 132KB
Sample: 211019-pnx1tsfgg2
MD5: 0b6af7f7e122ffdb4824fad3a9a7c2a2
SHA1: 4f26639628a2f0bf3d4602ba7dd1684c8ddd0cc5
SHA256: db33aea5405ccb66c1578eb678e078f33ad890a3b7b33074c61c9c76b0c2a69c
SHA512: 9a52bec9f728e0778aa7d3e30293f9e0679e90427c8ef5b228f0efd485d4859c4c4531adaa16917af3cade6963cb4c2974cc0806287567f56fc75d55dcf7528f
Static task: static1
Behavioral task: behavioral1
Sample: Purchase Order PDF.exe
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: Purchase Order PDF.exe
Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.croatiahunt.com
Port: 587
Username: [email protected]
Password: VilaVrgade852
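The extracted config and the file hashes are the two things a responder takes from this report: the hashes identify the dropper on disk, and the SMTP host/port identify the exfiltration channel. The following is an added example, not part of the sandbox report, that turns both into a local check: it hashes a file the way the report does, grades a hash match (SHA-256 is authoritative, MD5/SHA-1 alone is weak), and sweeps Sysmon-style DNS and network events for the exfil host and for SMTP submission from processes that are not mail clients. The event records are constructed sample data, the function names are my own, and because the username is obfuscated on the page the sweep keys on host and port only.

```python
"""Check a file and a set of host events against the IOCs in the AgentTesla report.

Added example, not code from the sandbox report. Hashes and the SMTP host/port
are taken from the report; the Sysmon-style events below are constructed.
"""
import hashlib
import ntpath

# Digests of "Purchase Order PDF.exe" as published in the report.
KNOWN_SAMPLE = {
    "md5": "0b6af7f7e122ffdb4824fad3a9a7c2a2",
    "sha1": "4f26639628a2f0bf3d4602ba7dd1684c8ddd0cc5",
    "sha256": "db33aea5405ccb66c1578eb678e078f33ad890a3b7b33074c61c9c76b0c2a69c",
}

# Extracted config: stolen credentials go out over SMTP submission to this host.
EXFIL_HOST = "mail.croatiahunt.com"
EXFIL_PORT = 587

# Ports used for outbound mail; only these process names are expected to use them.
SMTP_PORTS = {25, 465, 587}
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}  # assumption: tune per environment


def file_hashes(data: bytes) -> dict:
    """Compute the same digests the report lists so a local file can be compared."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def classify_match(hashes: dict) -> str:
    """Grade a hash match: SHA-256 is trusted; MD5/SHA-1 alone are collision-prone."""
    if hashes.get("sha256") == KNOWN_SAMPLE["sha256"]:
        return "match"
    if any(hashes.get(k) == v for k, v in KNOWN_SAMPLE.items() if k != "sha256"):
        return "weak-match"  # confirm with SHA-256 before acting on it
    return "no-match"


def find_exfil_events(events: list) -> list:
    """Return (reason, image) pairs for events that look like AgentTesla exfiltration.

    Event shapes follow Sysmon Event ID 22 (DnsQuery) and Event ID 3 (NetworkConnect)
    field names. A connection to port 587 is normal for a mail client, so the
    discriminators are the known exfil host and the identity of the connecting process.
    """
    hits = []
    for ev in events:
        image = ev.get("Image", "")
        proc = ntpath.basename(image).lower()
        if ev.get("EventID") == 22 and ev.get("QueryName", "").lower() == EXFIL_HOST:
            hits.append(("dns-lookup", image))
        elif ev.get("EventID") == 3:
            host = ev.get("DestinationHostname", "").lower()
            port = ev.get("DestinationPort")
            if host == EXFIL_HOST and port == EXFIL_PORT:
                hits.append(("exfil-smtp-connect", image))
            elif port in SMTP_PORTS and proc not in MAIL_CLIENTS:
                hits.append(("unexpected-smtp-client", image))
    return hits


# Constructed sample telemetry: one infected host, one legitimate Outlook session,
# one benign DNS lookup, and one unrelated script talking SMTP.
SAMPLE_EVENTS = [
    {"EventID": 22, "Image": r"C:\Users\victim\Downloads\Purchase Order PDF.exe",
     "QueryName": "mail.croatiahunt.com"},
    {"EventID": 3, "Image": r"C:\Users\victim\Downloads\Purchase Order PDF.exe",
     "DestinationHostname": "mail.croatiahunt.com", "DestinationPort": 587},
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": 587},
    {"EventID": 22, "Image": r"C:\Windows\System32\svchost.exe",
     "QueryName": "ctldl.windowsupdate.com"},
    {"EventID": 3, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "DestinationHostname": "smtp.example.net", "DestinationPort": 465},
]


if __name__ == "__main__":
    for reason, image in find_exfil_events(SAMPLE_EVENTS):
        print(f"{reason:24} {image}")
    with open("Purchase Order PDF.exe", "rb") as fh:  # compare a quarantined copy
        print(classify_match(file_hashes(fh.read())))
```

The SMTP connection on its own is not a strong signal (mail clients use 587 all day); the value is in pairing the destination with the process image, which is why the sweep reports the exfil host and the non-mail-client case separately.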
Targets
Target: Purchase Order PDF.exe
Size: 132KB
MD5: 0b6af7f7e122ffdb4824fad3a9a7c2a2
SHA1: 4f26639628a2f0bf3d4602ba7dd1684c8ddd0cc5
SHA256: db33aea5405ccb66c1578eb678e078f33ad890a3b7b33074c61c9c76b0c2a69c
SHA512: 9a52bec9f728e0778aa7d3e30293f9e0679e90427c8ef5b228f0efd485d4859c4c4531adaa16917af3cade6963cb4c2974cc0806287567f56fc75d55dcf7528f
AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer written in .NET (Visual Basic).
AgentTesla Payload
Downloads MZ/PE file
Accesses Microsoft Outlook profiles (stored mail-client credentials are among the data Agent Tesla harvests and sends to the SMTP account in the extracted config)
Suspicious use of SetThreadContext (the API used to redirect a thread's entry point after code injection, typical of process hollowing)