General
Target
Orden de Compra -AR95647.exe,pdf
Size
499KB
Sample
211201-xsmpnafbbn
MD5
b78d79171c13865b852b4460305c1627
SHA1
d0e47aab1ffe61e6292813cafdf110c5c506212c
SHA256
8ad914219379a6db831fd45a793fd805285d7d213efe2eff0dc638560fc5e436
SHA512
cd96ad37eeafd8ab70b044b97b2a4c785f67981c616680484c12279f2fb2187d35a7c34489f350cc52ad20b3e5833127ce8fa3a3029ec2d24b348490f7c11417
Static task
static1
Behavioral task
behavioral1
Sample
Orden de Compra -AR95647.exe,pdf.exe
Resource
win7-en-20211104
Behavioral task
behavioral2
Sample
Orden de Compra -AR95647.exe,pdf.exe
Resource
win10-en-20211014
Malware Config
Extracted
agenttesla
https://www.mgbless.in/onyi/inc/e905e73e27199d.php
Targets
Target
Orden de Compra -AR95647.exe,pdf
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext