General
-
Target
ceff414fdb663579196bea272215d1a62f84ea60ebe5da6d6b140b3de0dd9f39
-
Size
615KB
-
Sample
220520-18xfksehc6
-
MD5
263d031d2c86858d0004cec1ea4b1b4d
-
SHA1
59ae5958f6220d6cc89c1349362302e6f4256bea
-
SHA256
ceff414fdb663579196bea272215d1a62f84ea60ebe5da6d6b140b3de0dd9f39
-
SHA512
7918f5e29dfba78afbb7466801dc3f6ff5b93763420e93c1cdce665bcdb141dd304bb3142610fac7f851c41acd227a070cb99c81484edef988a13694567173da
Static task
static1
Behavioral task
behavioral1
Sample
Purchanse_order.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Purchanse_order.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.gascuenca.es - Port:
587 - Username:
[email protected] - Password:
gasW204@Z7
Extracted
Protocol: smtp- Host:
mail.gascuenca.es - Port:
587 - Username:
[email protected] - Password:
gasW204@Z7
Targets
-
-
Target
Purchanse_order.exe
-
Size
772KB
-
MD5
7d3b4301c9c66c9fdb16dd433cb8caae
-
SHA1
45788c1bc647a628c3ecf414109ad9702e1e3294
-
SHA256
b9b823a4a7732af045884bac1c801b2924521291e92157c7e90ed573f1236f54
-
SHA512
af01c5213d2150531feadf804f80605f6cd5a17bb442d3f3572f27ff861621985ea42fd9c475d502249c0935dfc19bef59f8d3e392e9ae1e90bbbc66e970c274
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-