General
- Target: Purchase order. pdf..................exe
- Size: 607KB
- Sample: 211025-e24enafee7
- MD5: e1bc68dcb1aa252386a6bcd772d7aad7
- SHA1: cc22449b851c7048c79d5bc871c2a3357a8155e0
- SHA256: 877fbae1ee57fedd9ad5406e6ac3750f737dadc3ac6e2677f730b8e330fa6c95
- SHA512: db5aa567e42f4f2f94a0dbc573dab33fd3d0af5262b46e2915fbad97769f35c3d2e634aad6b233e54febc52fc2f55a3ed36de73771cd780f4758dbd5d7ffd173
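The target filename above is the padded double-extension lure: a ". pdf" the victim is meant to read, a long run of dots so the real ".exe" scrolls out of view, and a stray space inside the fake extension. The following is an added example, not part of the sandbox report, of a check that pulls those three tricks apart; the extension sets and the padding threshold are this example's own assumptions, and the sample filename is the one from the report.

```python
"""Flag the padded double-extension trick seen in the report's target filename.

Added example, not part of the sandbox report. The extension sets and the
padding threshold are this example's own assumptions; the sample filename is
the one from the report.
"""
import os

# Assumption: a representative set of extensions Windows runs directly.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".hta"}
# Assumption: extensions a lure pretends to have.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".txt", ".jpg", ".png"}
# Assumption: this many or more dots/spaces between the shown and real extension is padding.
PADDING_THRESHOLD = 3


def analyze_filename(name: str) -> dict:
    """Return what the user sees vs. what Windows executes, plus the tricks found."""
    base = os.path.basename(name.replace("\\", "/"))
    root, real_ext = os.path.splitext(base)
    real_ext = real_ext.lower()

    # Padding: the run of dots/spaces inserted so the real extension scrolls
    # out of view (or wraps) in a file list or e-mail attachment pane.
    visible = root.rstrip(". ")
    padding = len(root) - len(visible)

    # The extension the victim is meant to read, e.g. ". pdf" with a stray space.
    _, shown = os.path.splitext(visible)
    shown_core = shown.lstrip(". ").lower()
    shown_ext = "." + shown_core if shown_core else ""

    flags = []
    if real_ext in EXECUTABLE_EXTS and shown_ext in DOCUMENT_EXTS:
        flags.append("double-extension")
    if padding >= PADDING_THRESHOLD:
        flags.append("extension-padding")
    if any(c.isspace() for c in shown):
        flags.append("space-in-extension")

    return {
        "name": base,
        "real_ext": real_ext,
        "shown_ext": shown_ext,
        "padding": padding,
        "flags": flags,
        "suspicious": bool(flags),
    }


if __name__ == "__main__":
    for n in ("Purchase order. pdf..................exe", "invoice.pdf.exe", "quarterly_report.pdf"):
        print(analyze_filename(n))
```

The check keys on what Windows will actually execute (the last extension) rather than on what the name looks like, so a plain "invoice.pdf.exe" is caught as well as the padded variant, while a normal "quarterly_report.pdf" passes.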
Static task: static1
Behavioral task: behavioral1
- Sample: Purchase order. pdf..................exe
- Resource: win7-en-20210920
Behavioral task: behavioral2
- Sample: Purchase order. pdf..................exe
- Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.oxc-ph.com
- Port: 587
- Username: ammuntiveros@oxc-ph.com
- Password: oxychempassword
These are the credentials of the SMTP account the stealer logs into to mail harvested data out (Agent Tesla's SMTP exfiltration mode); the host and port are the network indicator to hunt for.
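One way to turn the extracted config into a detection, as an added example that is not part of the sandbox report: parse the flattened "Key: value - Key:" text above back into fields, then scan egress logs for connections to the configured host and port. The block also applies a broader rule than the config alone gives, flagging any workstation submitting mail on 25/465/587 to a host outside an allow-list of corporate relays, since a stealer's SMTP exfiltration looks exactly like that. RAW_CONFIG is the report's extracted config as the page flattens it; the firewall log format, the log lines and the relay allow-list are constructed for illustration.

```python
"""Turn the extracted AgentTesla SMTP config into a network detection.

Added example, not part of the sandbox report. RAW_CONFIG is the report's
extracted config as the page flattens it; the firewall log format, the log
lines and the corporate relay allow-list are constructed for illustration.
"""
import re

RAW_CONFIG = """Protocol: smtp- Host:
mail.oxc-ph.com - Port:
587 - Username:
ammuntiveros@oxc-ph.com - Password:
oxychempassword"""

# Assumption: the only hosts workstations are allowed to submit mail to.
CORPORATE_RELAYS = {"smtp.corp.example"}
SUBMISSION_PORTS = {"25", "465", "587"}

# Constructed firewall log lines in a simple key=value format (not real data).
LOG_LINES = [
    "2021-10-25T09:14:03Z src=10.0.0.23 dst=mail.oxc-ph.com dport=587 proto=tcp action=allow",
    "2021-10-25T09:14:05Z src=10.0.0.23 dst=smtp.corp.example dport=587 proto=tcp action=allow",
    "2021-10-25T09:15:11Z src=10.0.0.41 dst=203.0.113.9 dport=443 proto=tcp action=allow",
    "2021-10-25T09:16:40Z src=10.0.0.57 dst=mail.oxc-ph.com dport=587 proto=tcp action=deny",
    "2021-10-25T09:17:02Z src=10.0.0.57 dst=198.51.100.7 dport=465 proto=tcp action=allow",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"proto=\S+ action=(?P<action>\S+)$"
)
# "Key: value" pairs separated by " - " (the first pair has no space before the dash).
FIELD_RE = re.compile(r"(\w+):\s*(.*?)\s*(?:-\s+(?=\w+:)|$)")


def parse_flat_config(text: str) -> dict:
    """Recover Key: value pairs from the flattened 'Key: value - Key:' layout."""
    flat = " ".join(line.strip() for line in text.splitlines())
    return {key.lower(): value for key, value in FIELD_RE.findall(flat)}


def scan(lines, config):
    """Return (src, reason, action) for each line hitting the config or generic SMTP egress."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        f = m.groupdict()
        if f["dst"] == config["host"] and f["dport"] == config["port"]:
            hits.append((f["src"], "agenttesla-exfil-host", f["action"]))
        elif f["dport"] in SUBMISSION_PORTS and f["dst"] not in CORPORATE_RELAYS:
            # Broader rule: workstations should only submit mail via the relay.
            hits.append((f["src"], "unexpected-smtp-egress", f["action"]))
    return hits


if __name__ == "__main__":
    cfg = parse_flat_config(RAW_CONFIG)
    for hit in scan(LOG_LINES, cfg):
        print(hit)
```

A denied connection to the configured host still counts as a hit: the endpoint tried to exfiltrate, so it needs triage even though the firewall blocked that attempt.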
Targets
- Target: Purchase order. pdf..................exe
- Size: 607KB
- MD5: e1bc68dcb1aa252386a6bcd772d7aad7
- SHA1: cc22449b851c7048c79d5bc871c2a3357a8155e0
- SHA256: 877fbae1ee57fedd9ad5406e6ac3750f737dadc3ac6e2677f730b8e330fa6c95
- SHA512: db5aa567e42f4f2f94a0dbc573dab33fd3d0af5262b46e2915fbad97769f35c3d2e634aad6b233e54febc52fc2f55a3ed36de73771cd780f4758dbd5d7ffd173
AgentTesla
Agent Tesla is a .NET-based (Visual Basic .NET) information stealer and remote access tool (RAT) sold as malware-as-a-service; it harvests saved credentials from browsers, mail and FTP clients, logs keystrokes, and exfiltrates over SMTP, FTP or HTTP.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles (reads the stored Outlook account settings to harvest mail credentials)
- Suspicious use of SetThreadContext (typical of process hollowing: the loader starts a process suspended, replaces its image and redirects the main thread's entry point before resuming it)