General
Target: 0949306906e66bde29ccf24ecb82d85fb49a3ee3c502e632b1f114b164e7cc94
Size: 578KB
Sample: 220520-2pexvsagcr
MD5: 5aed6dfc7af44276e0bd88030c944c08
SHA1: 56f436deac9262c4aaf290405a26c314cb23055d
SHA256: 0949306906e66bde29ccf24ecb82d85fb49a3ee3c502e632b1f114b164e7cc94
SHA512: 66b78525e353e039b9649f6175599789393d0d10a472e1f0d0aa3ab155a6d093e9e63698d222c5d69c7f045d1c3f6c7fd837ab06789106cc8db6b8372a50cd05
Static task: static1
Behavioral task: behavioral1
  Sample: PURCHASE ORDER.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: PURCHASE ORDER.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: jamaicaredcross.org
  Port: 587
  Username: [email protected]
  Password: chikwado1980
Targets
Target: PURCHASE ORDER.exe
Size: 758KB
MD5: 0c2b2237be9d61afea6f62cd4edff9e4
SHA1: 18a3b3b9ebd80d8cb12ec18b749a9e843e0c3ea8
SHA256: c7be8b5b17f15893c49c1748052bee41cbbb574b2aa6ede4923e01ccdaded68d
SHA512: 765bc8139fbc6f8c8b90eea9a9f3b9981051f4227ae2f8de40518cb4df9899e0755773f1a6f425dbfdfa6b203f88d02b6101d7cd58e9e316a64fa5636b4ac461
Score: 10/10
Family: AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext