General
- Target: 3d533cd7d00545ceec9bea14004c3e15891a769143f19009631068cea3acf150
- Size: 90KB
- Sample: 220121-z75j5abbh2
- MD5: 6c24b895b5e54e8a7ef3d11f4f18c381
- SHA1: a87f1fdb2a4aa25f5d6b211ff4a7b6646ffca03a
- SHA256: 3d533cd7d00545ceec9bea14004c3e15891a769143f19009631068cea3acf150
- SHA512: 13d616e061094aa4c903b0a4f8e3ce6f3eb2a71b5b01787f8be999995af7dd921580a0155d50d6ba8a1128ba4390dfe39ebb443ab06b8158a3e1d402524740a0
Static task: static1
Behavioral task: behavioral1
- Sample: Purchase Order PO20211027STK.exe
- Resource: win7-en-20211208
Behavioral task: behavioral2
- Sample: Purchase Order PO20211027STK.exe
- Resource: win10-en-20211208
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.construccionsjpallas.com
- Port: 587
- Username: qualitat@construccionsjpallas.com
- Password: zXHR1YDJL5
Targets
Target: Purchase Order PO20211027STK.exe
- Size: 127KB
- MD5: 2f2102ec5776497950e89e419515efee
- SHA1: 1d3dd4ed88af22c3de29c918b37db6f0b73c94c4
- SHA256: 7768da29cc4ef93cb4790f664e139d1d8c2972e22fe8840b6b86c50e15dba347
- SHA512: 963b79cb63703ea6a6e8d70bbe76fadc660e10b801283a3812a76f773ee36210171437794dad0b4ee11e8a2f34645c88c7463526be03274ffdf48ec81823032a
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Executes dropped EXE
- Checks QEMU agent file: checks for the presence of the QEMU guest agent, possibly to detect virtualization.
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext