General
Target: 405b27ce24ff7c6e7eb52b5680cb11106a51173f5e2320535923baa38e7b900f
Size: 504KB
Sample: 220520-2zepvagcd5
MD5: c1b65c2defc029d906b7bda203d9080d
SHA1: 0c346495617eb1c4f047a8b9f1aa4b13cec82b29
SHA256: 405b27ce24ff7c6e7eb52b5680cb11106a51173f5e2320535923baa38e7b900f
SHA512: 183d61f7e7ed67d9a0956c01e111eaee9a8c738c2e7cb01f00d432c374d2a963ba597e84c1be8ae23aa91523b0c0c3499a1a189f6c376d38f2fb957865cff049
Static task: static1
Behavioral task: behavioral1
  Sample: Purchase Order 072020.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Purchase Order 072020.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: rodyorigin.cf
  Port: 587
  Username: [email protected]
  Password: Spoofyou2015$
Targets
Target: Purchase Order 072020.exe
Size: 444KB
MD5: ca640401fff10aa01cff2d098411b845
SHA1: 1236531f23e84c85793121181af1f111ed187b06
SHA256: adbb69f96dbc24c4fe050f4b99e01647393fb26cd482ddbcbf6faf23f6470be0
SHA512: 1dadff4601d9067b4a4190d73a795798023a696d3fb480725035e8732b6436e44c590cc910e1cab9c35fc633de6df2ccf8fb8e5a8253f202e796708242b33f20
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext