General
-
Target
12a9ef1ebfa6ee37ef562648360c40a9757e7a94ae75e22a1f72bb91aee691e6
-
Size
401KB
-
Sample
220520-296ajsbdhk
-
MD5
973c7395c6c17721ae35d2586d007155
-
SHA1
78e4c127e5212fd27bec5a52f6734804a63dd6a5
-
SHA256
12a9ef1ebfa6ee37ef562648360c40a9757e7a94ae75e22a1f72bb91aee691e6
-
SHA512
f8192509fe76a2826fcd44cedf932b880e56dc4e94afc9cd78bd8e75cdccd9b2d7e554d19af75805613b033348b99be541ebeede247de4ac9021d4ce21e1b907
Static task
static1
Behavioral task
behavioral1
Sample
Purchase Oder.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Purchase Oder.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.tsa.ae
- Port: 587
- Username: [email protected]
- Password: HbtBd3(_ZSvL
Targets
-
-
Target
Purchase Oder.exe
-
Size
430KB
-
MD5
baaf22c14b3b7f5a5a67d02abf6fce2f
-
SHA1
19da6834ac6d6a107ffb7623ba1147eb362e5db4
-
SHA256
ca38289752e799523d0031fd56900abe2f43d0c2c0eee48f010728c6a22959ff
-
SHA512
33d6d910d04a9ea6368ca652df791ff7d576c129befff5e03c1ca2f8bc78e30913e79629c850e141a70522bbd7e3d7e64a703e30487d56c67487b21111b2b2c2
-
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT). It harvests saved credentials from browsers and mail clients (Outlook profiles in this run) and exfiltrates them to an attacker-controlled mailbox, here over SMTP using the credentials in the extracted config above.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
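Two of the behaviours flagged above (the Run key write and the SMTP drop configured in the extracted config) are straightforward to hunt for in host telemetry. The script below is an added example, not part of the sandbox report: it runs simple detection logic over a handful of constructed Sysmon-style events (registry value set, network connection). The event layout and every sample value except the C2 host mail.tsa.ae, port 587 and the sample name "Purchase Oder.exe" are assumptions for illustration. The SetThreadContext signature (usually process hollowing or injection) is not visible in these event types and is not covered here.

```python
"""
Added example (not from the sandbox report): detection logic for the
"Adds Run key" and SMTP exfiltration behaviours, run over constructed
Sysmon-style events.

Assumptions (not from the page): the event format (dicts with Sysmon-like
field names) and all sample paths are made up; only mail.tsa.ae, port 587
and the sample filename come from the report.
"""
import re

# Autostart locations behind the "Adds Run key" signature (HKLM and HKCU/HKU).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\",
    re.IGNORECASE,
)

# Exfiltration endpoint taken from the extracted AgentTesla config above.
C2_HOST = "mail.tsa.ae"
C2_PORT = 587

# Constructed sample events modelled loosely on Sysmon event ID 13
# (registry value set) and ID 3 (network connection). Illustrative only;
# these were not produced by the sandbox run.
SAMPLE_EVENTS = [
    {"event_id": 13, "image": r"C:\Users\victim\Downloads\Purchase Oder.exe",
     "target_object": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Purchase Oder",
     "details": r"C:\Users\victim\AppData\Roaming\Purchase Oder.exe"},
    {"event_id": 13, "image": r"C:\Windows\System32\svchost.exe",
     "target_object": r"HKLM\SYSTEM\CurrentControlSet\Services\BITS\Start",
     "details": "DWORD (0x00000002)"},
    {"event_id": 3, "image": r"C:\Users\victim\Downloads\Purchase Oder.exe",
     "destination_hostname": "mail.tsa.ae", "destination_port": 587},
    {"event_id": 3, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "destination_hostname": "example.org", "destination_port": 443},
]


def detect_run_key_persistence(events):
    """Return (image, value_name, command) for every write under a Run/RunOnce key."""
    hits = []
    for ev in events:
        if ev.get("event_id") != 13:
            continue
        target = ev.get("target_object", "")
        if RUN_KEY_RE.search(target):
            value_name = target.rsplit("\\", 1)[-1]
            hits.append((ev["image"], value_name, ev.get("details", "")))
    return hits


def detect_smtp_exfil(events, host=C2_HOST, port=C2_PORT):
    """Return the images that connected to the configured SMTP drop host and port."""
    return [
        ev["image"]
        for ev in events
        if ev.get("event_id") == 3
        and ev.get("destination_hostname", "").lower() == host.lower()
        and ev.get("destination_port") == port
    ]


def triage(events):
    """Combine both detections into a list of human-readable findings."""
    findings = []
    for image, value, cmd in detect_run_key_persistence(events):
        findings.append(f"persistence: {image} wrote Run value '{value}' -> {cmd}")
    for image in detect_smtp_exfil(events):
        findings.append(f"exfil: {image} connected to {C2_HOST}:{C2_PORT} (SMTP submission)")
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_EVENTS):
        print(line)
```

Only the first registry event matches, because the BITS service key is not an autostart location; only the connection from the sample to mail.tsa.ae:587 matches, since the browser's TLS connection goes elsewhere. In a real hunt, feed the functions parsed Sysmon or EDR events instead of SAMPLE_EVENTS and extend C2_HOST/C2_PORT with the other hosts from your extracted configs.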