General
Target: b295fdaa118ce9c9fee9a2b3dc163a863d9db2b9ee3a54d6b8fa3874f2782391
Size: 373KB
Sample: 220520-2wpewagbb8
MD5: 9f31ed3b088f5e8557188dc6d9a524bd
SHA1: cd33052d1aaa041a9336654ac43b916abfd78fc8
SHA256: b295fdaa118ce9c9fee9a2b3dc163a863d9db2b9ee3a54d6b8fa3874f2782391
SHA512: 6128956a328ace262dc5a6dc1c421c62f6ad7c5cdef89e5bae3b07cdbbf02a5fa4a4d6339b8e1197fcf2200fcfced00d6f3933fc101163a36e1bf07760eaeff0
Static task: static1
Behavioral task: behavioral1
  Sample: purchase order.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: purchase order.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.laovpet.com
Port: 587
Username: [email protected]
Password: nHyONcF2
Targets
Target: purchase order.exe
Size: 428KB
MD5: 95e7049e1c5835dc0eeb9a66a65f32ed
SHA1: 875e132852f880ab059b799bb4411f7984dd6a37
SHA256: f0846ad4104e2d3e723daf5f0773efccdf243e5902cab9700ee1e3c03d8af771
SHA512: dce9ebd0848f683725b50b7b92c707abf9615c37a0bcb365f86a0100a73a624e7dd2c243519eeb555feeb97366575cd26f7bf0d5f67340e3542dfab08cefba0a
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext