General
-
Target
d3638bf040cca677c4c5156a8a28501902408cde8acb3c11b28b2a69b20943f4
-
Size
465KB
-
Sample
220520-3rfslshdc8
-
MD5
9c5289b4f2adcbeacceae1dee8240ec7
-
SHA1
7f149504e290ba3ab279813b2500a6044269440c
-
SHA256
d3638bf040cca677c4c5156a8a28501902408cde8acb3c11b28b2a69b20943f4
-
SHA512
447d49d2d06f9a35dc03ea0a30694f7c9b37d007685ccc785cc8cada77bd0e04b6726ec9c455840d36d51e62ce8b5eafb5839458d10ff94d1e9611987c233cf3
Static task
static1
Behavioral task
behavioral1
Sample
Purchase Order.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Purchase Order.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.threewaystoharems.com - Port:
587 - Username:
[email protected] - Password:
sales@123456
Extracted
Protocol: smtp- Host:
mail.threewaystoharems.com - Port:
587 - Username:
[email protected] - Password:
sales@123456
Targets
-
-
Target
Purchase Order.exe
-
Size
591KB
-
MD5
c12700a437eb04514593fead2cc67f58
-
SHA1
468ab8ea506b202d06240dd1d06fc2b70de51af2
-
SHA256
f155dd64a514c9ea5ffc36222d1c66c8daf6416945dbc8e8dd7a5b2cefae02d3
-
SHA512
603daeb934e3d650241b6994a3e9e7e7715af0db679d3792e93010fa6d7dc4ea72155640131d86bcb50060b6a745faa3ee15e4de41635c5fd62febde8b9c5782
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-