General
-
Target
8339550b48015df0781dadfa0bf5b0f1628ac7ea7626707cfa077362981d608b
-
Size
751KB
-
Sample
220520-2xpf9sbbcr
-
MD5
b389f7b49610d345bdefddef775157a0
-
SHA1
5df2f3d572e0fd84b8f7fab28161dccf80cdc9fb
-
SHA256
8339550b48015df0781dadfa0bf5b0f1628ac7ea7626707cfa077362981d608b
-
SHA512
beb74f3107dcd3e2a496db9d67f949ec2bee823e777927d983a05193f334fcacf2ea58027d51086fa852d2997c016bd15fe43a16d6ae48c39b6e468ce1eb32e5
Static task
static1
Behavioral task
behavioral1
Sample
purchase order from Innovix Distribution Limited, Hong Kong.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
purchase order from Innovix Distribution Limited, Hong Kong.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
tender document.exe
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
tender document.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.ontime.com.ph - Port:
587 - Username:
[email protected] - Password:
OTelvie1234
Targets
-
-
Target
purchase order from Innovix Distribution Limited, Hong Kong.exe
-
Size
418KB
-
MD5
aa66f3dc29dda2018492a5075dbf782c
-
SHA1
18d7bd5e15ca54bf73ebfa586b3f4fae79cc09f2
-
SHA256
985f9b81daf2acb7ea196c9a7de019064ed08ce19614ad1de0d3e350fbec2dd9
-
SHA512
39b09bd610a32cfedde6382da29d164189de9aa1edd87ed0a195e872deda495d04fbf0cc5bcc27b94adc7b34308d23a37c7d3ad4dedd1839adcbe2dbb48c47c8
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-
-
-
Target
tender document.exe
-
Size
418KB
-
MD5
aa66f3dc29dda2018492a5075dbf782c
-
SHA1
18d7bd5e15ca54bf73ebfa586b3f4fae79cc09f2
-
SHA256
985f9b81daf2acb7ea196c9a7de019064ed08ce19614ad1de0d3e350fbec2dd9
-
SHA512
39b09bd610a32cfedde6382da29d164189de9aa1edd87ed0a195e872deda495d04fbf0cc5bcc27b94adc7b34308d23a37c7d3ad4dedd1839adcbe2dbb48c47c8
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-