General
- Target: PURCHASE ORDER SEELB435.exe
- Size: 463KB
- Sample: 211203-cn3j4adgaj
- MD5: 69d915d390d2a49b48a2a06eaa3fba07
- SHA1: 6d98e1bce382887011d2691d25dc71b05515004d
- SHA256: df461f850794a76cdf05708ef171f683e525b2475b1befadc1bccf4571553f6c
- SHA512: e5c273d04fdc950a0ea5196948e0fd4c592d92e0c5eb7e60f1c8088180c9dde69f96a7d388999993f8381c9d4fc0f37c316c4178836a2f9d6039b08b03fbee81
Static task: static1
Behavioral task: behavioral1
- Sample: PURCHASE ORDER SEELB435.exe
- Resource: win7-en-20211014
Behavioral task: behavioral2
- Sample: PURCHASE ORDER SEELB435.exe
- Resource: win10-en-20211104
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.furteksdokuma.com.tr
- Port: 587
- Username: gulnaz@furteksdokuma.com.tr
- Password: @Gulnaz159753
Targets
- Target: PURCHASE ORDER SEELB435.exe
- Size: 463KB
- MD5: 69d915d390d2a49b48a2a06eaa3fba07
- SHA1: 6d98e1bce382887011d2691d25dc71b05515004d
- SHA256: df461f850794a76cdf05708ef171f683e525b2475b1befadc1bccf4571553f6c
- SHA512: e5c273d04fdc950a0ea5196948e0fd4c592d92e0c5eb7e60f1c8088180c9dde69f96a7d388999993f8381c9d4fc0f37c316c4178836a2f9d6039b08b03fbee81
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext