General
-
Target
purchase order.exe
-
Size
440KB
-
Sample
211020-sylx4aabcn
-
MD5
b57085c23e5029e538811623864d9373
-
SHA1
cd89d4b32fad0b8fbbf3a266b6da6837f776dbd0
-
SHA256
ffb871cdd407615d8113f1db5ecbf2e6fe02045e08d3d059d420e23f5f212a9d
-
SHA512
5dcce01b20f8ab3dc2ab5570813926e368b2c585f0c5067c5ecf28a95984845f7c87b1adfd632a8ab4b2987973725ec1ba2ad5f80fbad03e530e5fe7a6b2b60a
Static task
static1
Behavioral task
behavioral1
Sample
purchase order.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
purchase order.exe
Resource
win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.supersigns.com.mx
Port: 587
Username: [email protected]
Password: icui4cu2@@
Targets
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-