General
-
Target
618040cf5a9fe4040090407792cd374117473aceff8b5e8d05cee2d4e2e60bb8
-
Size
738KB
-
Sample
220520-2yqeysbbgm
-
MD5
a89efbc0a9753682a1dea6085a08cfd7
-
SHA1
5eae166d47a3c2c836719cae5c02b0c32fb49455
-
SHA256
618040cf5a9fe4040090407792cd374117473aceff8b5e8d05cee2d4e2e60bb8
-
SHA512
01b894a3a4d2038d221cfdf40b7d38fc995d57765be559c4ecf797aa1cdd196541587fbc6f7d5dd8858145d6848d1f898a075e532d94fcbae25edb56719e505a
Static task
static1
Behavioral task
behavioral1
Sample
Purchase order from Arrow Electronics Components.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Purchase order from Arrow Electronics Components.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
Tender Documents Arrow Electronics Components.exe
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
Tender Documents Arrow Electronics Components.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.ontime.com.ph
Port: 587
Username: [email protected]
Password: OTelvie1234
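The extracted config above is the most actionable part of this report: the sample exfiltrates stolen credentials over SMTP submission (TCP 587) to mail.ontime.com.ph, so the detection a responder wants is "who on my network talked to that host, and which non-mail processes are speaking SMTP at all". The following is an added example written for this page, not code from the sandbox or from the malware; it runs the two checks over constructed Sysmon Event ID 3 style records (the paths, the event lines and the `MAIL_CLIENTS` allow-list are assumptions for illustration) and also matches a file against the hashes the report lists.

```python
"""Added detection example for the AgentTesla SMTP config extracted above.
Not part of the sandbox report; event records and allow-list are constructed."""
import hashlib
import json
from typing import Optional

# Indicators taken from the report above.
EXFIL_HOST = "mail.ontime.com.ph"
EXFIL_PORT = 587
IOC_SHA256 = {
    "618040cf5a9fe4040090407792cd374117473aceff8b5e8d05cee2d4e2e60bb8",
    "b4ccf43f4738a566c201a3320e7ed4a49454359e8d85cc2470fd3caa820d4e29",
}
IOC_MD5 = {
    "a89efbc0a9753682a1dea6085a08cfd7",
    "f094dca28a6ce2605e0fbbf5a119807e",
}

# Processes expected to use SMTP submission (assumed allow-list; tune per estate).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed Sysmon Event ID 3 (network connection) records as JSON lines.
# Field names follow Sysmon; the hosts, paths and mix of events are made up.
SAMPLE_EVENTS = r"""
{"EventID":3,"Image":"C:\\Users\\u\\AppData\\Roaming\\RegAsm.exe","DestinationHostname":"mail.ontime.com.ph","DestinationPort":587,"Protocol":"tcp"}
{"EventID":3,"Image":"C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE","DestinationHostname":"smtp.office365.com","DestinationPort":587,"Protocol":"tcp"}
{"EventID":3,"Image":"C:\\Users\\u\\Downloads\\Purchase order from Arrow Electronics Components.exe","DestinationHostname":"smtp.gmail.com","DestinationPort":587,"Protocol":"tcp"}
{"EventID":3,"Image":"C:\\Windows\\System32\\svchost.exe","DestinationHostname":"update.microsoft.com","DestinationPort":443,"Protocol":"tcp"}
"""


def classify(event: dict) -> Optional[str]:
    """Return a verdict string for one network-connection event, or None if benign.

    Check 1: exact match on the exfil endpoint from the extracted config.
    Check 2: any SMTP-submission connection from a process that is not a known
    mail client (catches re-used AgentTesla builds pointed at other mail servers).
    """
    if event.get("EventID") != 3:
        return None
    image = event.get("Image", "")
    proc = image.rsplit("\\", 1)[-1].lower()
    host = event.get("DestinationHostname", "").lower()
    port = event.get("DestinationPort")
    if host == EXFIL_HOST and port == EXFIL_PORT:
        return "known AgentTesla SMTP exfil endpoint"
    if port == EXFIL_PORT and proc not in MAIL_CLIENTS:
        return "SMTP submission from non-mail-client process"
    return None


def scan_events(text: str) -> list:
    """Run classify() over JSON-lines telemetry; return [(Image, verdict), ...]."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        verdict = classify(event)
        if verdict:
            hits.append((event["Image"], verdict))
    return hits


def is_known_sample(data: bytes) -> bool:
    """True if the file content matches any MD5 or SHA256 listed in the report."""
    md5 = hashlib.md5(data).hexdigest()
    sha256 = hashlib.sha256(data).hexdigest()
    return md5 in IOC_MD5 or sha256 in IOC_SHA256


if __name__ == "__main__":
    for image, verdict in scan_events(SAMPLE_EVENTS):
        print(f"{verdict}: {image}")
```

On the constructed input the first record is flagged by the endpoint match and the third by the process check; Outlook on port 587 and svchost on 443 are left alone. The second rule is the durable one: AgentTesla builds rotate mail servers and credentials freely, and unsigned binaries from Downloads or AppData speaking SMTP submission is rarely legitimate.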
Targets
The two executables below carry identical MD5/SHA1/SHA256/SHA512 values and the same 424KB size: they are one payload distributed under two lure filenames, and differ from the 738KB parent sample (SHA256 618040cf...) in the General section.
-
Target
Purchase order from Arrow Electronics Components.exe
-
Size
424KB
-
MD5
f094dca28a6ce2605e0fbbf5a119807e
-
SHA1
476167feac646617417834133571878436166918
-
SHA256
b4ccf43f4738a566c201a3320e7ed4a49454359e8d85cc2470fd3caa820d4e29
-
SHA512
72260c47ee5b96729ba5d88c4973b6b118e2f323ebffedeb2da0c3651c48b4c8c0e1e2047372a61fe6f6b737af8da448e146c30a3767c942fec3c000b8f7b26e
-
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and credential stealer, written in Visual Basic .NET; this build exfiltrates over SMTP to the server in the extracted config.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, most likely a geofence check to avoid running in unwanted locales.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext (consistent with process hollowing / RunPE injection of the payload into a new process)
-
-
-
Target
Tender Documents Arrow Electronics Components.exe
-
Size
424KB
-
MD5
f094dca28a6ce2605e0fbbf5a119807e
-
SHA1
476167feac646617417834133571878436166918
-
SHA256
b4ccf43f4738a566c201a3320e7ed4a49454359e8d85cc2470fd3caa820d4e29
-
SHA512
72260c47ee5b96729ba5d88c4973b6b118e2f323ebffedeb2da0c3651c48b4c8c0e1e2047372a61fe6f6b737af8da448e146c30a3767c942fec3c000b8f7b26e
Score
10/10
-
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and credential stealer, written in Visual Basic .NET; this build exfiltrates over SMTP to the server in the extracted config.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, most likely a geofence check to avoid running in unwanted locales.
-
Suspicious use of SetThreadContext (consistent with process hollowing / RunPE injection of the payload into a new process)
-