General
Target: 0d08d12c9a7238d1077353c6c2f5b8748ca4d1b8711df2c0552f8dfe25562215
Size: 387KB
Sample: 220520-2n7aqaffg9
MD5: 7b4c90a1f577575c50a0b1cd243aebed
SHA1: 2e711e4d3772751ce69c808836ed498bc86f9400
SHA256: 0d08d12c9a7238d1077353c6c2f5b8748ca4d1b8711df2c0552f8dfe25562215
SHA512: 8377f2fd9f9787cc0dbc59b3ad1088a1bef99edcc79c3a51de1564e523a6ac54a8d6d9f01d11dd95c65f88fd8197bec7d0c9fefe10ad75809dc6987cbbb7bb03
Static task: static1
Behavioral task: behavioral1
Sample: Purchase Order.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Purchase Order.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.capitalone-bank.org
Port: 587
Username: [email protected]
Password: u)aHYn*7
Targets
Target: Purchase Order.exe
Size: 475KB
MD5: 3daaba84ce640bfda2f7721ac24e8e32
SHA1: 3d8ed4d6f598b796cef240e2696b7af988e06679
SHA256: 04066d2aaa261814ebb764b76ec4977184b985cd0c56917145068aa37de50965
SHA512: 71f69902f43be4e1c5fe0677f0c6021de6708bb0c76a43a78063fac2b0e0864e522ed1a0d0e3b944d5566409f4d6dd2332c62e4f803fd0f81f064d083fdfc1e1
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext