General
- Target: Purchase Order No. XIV21623..iso
- Size: 330KB
- Sample: 211202-qkewhsbhe5
- MD5: 79ff89888ac3a107c83f2ca24038f738
- SHA1: 014e077286246e79413908e870696fb5baa444d8
- SHA256: 18f0a97d1e061b125f0777108a75de30309d7a264cdf26d76f712cbc5c6c1846
- SHA512: f7a9e7e81893c32f33ef7b3ec1edb470108207ff82214254fc8806764d27ac0bd20a5ea5d0b4d44dbe4118e903c82d7a7337e0d6f6b5fae8d5ed9ac04d8958cc
Static task: static1
Behavioral task: behavioral1
- Sample: Purchase Order No. XIV21623..exe
- Resource: win7-en-20211104
Behavioral task: behavioral2
- Sample: Purchase Order No. XIV21623..exe
- Resource: win10-en-20211104
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.peoplesource.in
- Port: 587
- Username: anjay@peoplesource.in
- Password: Admin@12345
Targets
- Target: Purchase Order No. XIV21623..exe
- Size: 268KB
- MD5: 5e5c83d04f20a03826b8cd80d2c4a0b5
- SHA1: 840248f524917151d9b44dda32cbb32ab1fd7d80
- SHA256: 62c4b3a0c365726907f0ac94621c85f5c52056eb94653b151144cc841502e916
- SHA512: 3fa38c0033df01c29b376086df84fed1aa0047c7ce2de2ae2f7465c1ce12211613a7ed78e21a9f6810ebfe35acf713d1749c5f1f2e34f282f063399af0feee73
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext