General
Target: Purchase order.exe
Size: 487KB
Sample: 211201-ttnfssdgar
MD5: 6edcb0cc90c7c37a54da443354408fc9
SHA1: 79191db9b9eb5a3fcffe4e01e5e78d5efca11acf
SHA256: 0529d40fa3862effee179c50182e13cc40c69430faa45c92345e4ff3c70ff728
SHA512: 668f80287ce6166a4921e6b9b55336ffb100d4237fd8d6f8d9e7d68320007924977f7bef0323d2b24e0aee083405a21275de95a5b421f63fbaad59a424544050
Static task: static1
Behavioral task: behavioral1 (Sample: Purchase order.exe, Resource: win7-en-20211104)
Behavioral task: behavioral2 (Sample: Purchase order.exe, Resource: win10-en-20211104)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.gcsenagency.com
Port: 587
Username: [email protected]
Password: supt@3081#
This configuration is the exfiltration channel: Agent Tesla sends what it harvests as e-mail, authenticating to the mailbox above over SMTP submission (port 587). The host, port and account are the network indicators to hunt for; treat the account as attacker-controlled infrastructure rather than a victim mailbox.
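As an added example (not part of the sandbox report and not Agent Tesla code), the following Python turns the indicators above into two checks a responder can run offline: hashing a file against the published digests, and correlating DNS and connection logs for the SMTP exfiltration host and port. The hashes, host and port are the ones in this report; the log format, the log lines and the function names are constructed for illustration.

```python
"""IOC checks for the Agent Tesla sample in this report.

Added example; it is not part of the sandbox report or of Agent Tesla.
The hashes and the SMTP host/port are the indicators listed above. The
log lines and their format are constructed for illustration, and the
function names are my own.
"""
import hashlib
import re
from typing import Dict, Iterable, List

# Indicators taken from the report above.
SAMPLE_HASHES: Dict[str, str] = {
    "md5": "6edcb0cc90c7c37a54da443354408fc9",
    "sha1": "79191db9b9eb5a3fcffe4e01e5e78d5efca11acf",
    "sha256": "0529d40fa3862effee179c50182e13cc40c69430faa45c92345e4ff3c70ff728",
    "sha512": "668f80287ce6166a4921e6b9b55336ffb100d4237fd8d6f8d9e7d68320007924"
              "977f7bef0323d2b24e0aee083405a21275de95a5b421f63fbaad59a424544050",
}
C2_HOST = "mail.gcsenagency.com"   # SMTP server from the extracted config
C2_PORT = 587                      # authenticated SMTP submission port


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Hex digests of a byte string for every algorithm in SAMPLE_HASHES."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in SAMPLE_HASHES}


def matches_sample(data: bytes, iocs: Dict[str, str] = SAMPLE_HASHES) -> bool:
    """True if any digest of `data` equals the report's hash for that algorithm.
    Checking every published hash guards against a typo in one of them."""
    computed = hash_bytes(data)
    return any(computed.get(algo) == digest for algo, digest in iocs.items())


def file_matches_sample(path: str) -> bool:
    """Hash a file on disk in chunks and compare it against the sample."""
    digests = {algo: hashlib.new(algo) for algo in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in digests.values():
                h.update(chunk)
    return any(digests[algo].hexdigest() == d for algo, d in SAMPLE_HASHES.items())


# Constructed sample log lines (not from the report). DNS events:
#   <ts> DNS <src_ip> query=<name>
# connection events:
#   <ts> CONN <src_ip> -> <dst_ip>:<dst_port> <proto>
SAMPLE_LOGS: List[str] = [
    "2021-12-01T10:02:11Z DNS 10.0.0.5 query=mail.gcsenagency.com",
    "2021-12-01T10:02:12Z DNS 10.0.0.9 query=mail.example.com",
    "2021-12-01T10:02:13Z CONN 10.0.0.5 -> 203.0.113.7:587 TCP",
    "2021-12-01T10:02:14Z CONN 10.0.0.9 -> 198.51.100.3:587 TCP",
    "2021-12-01T10:05:00Z CONN 10.0.0.5 -> 203.0.113.7:587 TCP",
]

DNS_RE = re.compile(r"^(\S+) DNS (\S+) query=(\S+)$")
CONN_RE = re.compile(r"^(\S+) CONN (\S+) -> (\S+):(\d+) (\S+)$")


def find_c2_activity(lines: Iterable[str],
                     host: str = C2_HOST, port: int = C2_PORT) -> Dict[str, List[str]]:
    """Map each internal IP that resolved the C2 mail host to the events
    tying it to exfiltration. A bare port-587 connection is not flagged on
    its own (10.0.0.9 above is ordinary mail submission); only a host that
    first looked up the attacker's SMTP server and then connected on the
    C2 port is reported, which keeps false positives down where legitimate
    SMTP submission traffic exists."""
    resolved = set()
    hits: Dict[str, List[str]] = {}
    for line in lines:
        m = DNS_RE.match(line)
        if m:
            ts, src, qname = m.groups()
            if qname.rstrip(".").lower() == host.lower():
                resolved.add(src)
                hits.setdefault(src, []).append(f"{ts} resolved {qname}")
            continue
        m = CONN_RE.match(line)
        if m:
            ts, src, dst, dport, proto = m.groups()
            if int(dport) == port and src in resolved:
                hits[src].append(f"{ts} {proto} {dst}:{dport} after C2 lookup")
    return hits


if __name__ == "__main__":
    print("matches sample:", matches_sample(b"not the real sample"))
    for ip, events in find_c2_activity(SAMPLE_LOGS).items():
        print(ip)
        for e in events:
            print("  ", e)
```

The DNS-then-connect correlation deliberately ignores hosts that reach port 587 without a visible lookup, so it will miss a host that resolved the name before log retention started or that has the server's address cached; when the resolved IP of mail.gcsenagency.com is known, add a direct destination-IP match as a second, lower-confidence rule.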
Targets
Target: Purchase order.exe
Size: 487KB
MD5: 6edcb0cc90c7c37a54da443354408fc9
SHA1: 79191db9b9eb5a3fcffe4e01e5e78d5efca11acf
SHA256: 0529d40fa3862effee179c50182e13cc40c69430faa45c92345e4ff3c70ff728
SHA512: 668f80287ce6166a4921e6b9b55336ffb100d4237fd8d6f8d9e7d68320007924977f7bef0323d2b24e0aee083405a21275de95a5b421f63fbaad59a424544050
AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer written in .NET (Visual Basic). It harvests saved credentials from browsers, mail and FTP clients and exfiltrates them over SMTP, FTP or HTTP; this sample uses SMTP, as the extracted configuration shows.
Signatures
- AgentTesla Payload: the sample contains Agent Tesla code, which is also what the extracted SMTP configuration above belongs to.
- Accesses Microsoft Outlook profiles: the process reads the Outlook profile data where saved mail-account credentials live, consistent with Agent Tesla's credential harvesting.
- Suspicious use of SetThreadContext: calling SetThreadContext on another process's thread is the step in process hollowing where the entry point of a suspended (usually legitimate) process is redirected to injected code, a common way for .NET stealers to run under a benign process name. On an infected host, look for a legitimate-looking process spawned by Purchase order.exe whose mapped image does not match its on-disk file.