General
-
Target
cc366f74f3a57b174cfcb3d769ed5042e4e3b3f3daf611574d5ee6f09be8ea39
-
Size
488KB
-
Sample
220520-3s5hcsheb2
-
MD5
1520dce1c9e2ed239b4c9a22cf57eed7
-
SHA1
1ca4cd8f6eb2929262a1cf528e73309cf7e0ae94
-
SHA256
cc366f74f3a57b174cfcb3d769ed5042e4e3b3f3daf611574d5ee6f09be8ea39
-
SHA512
dbe9fbdcb7f71d962ec75559c00a78dd75df23e6a3a1838ef9a5fcda72366143e7e9815ce772fdd38240f3d39ccd4f74a50b7b94591bed57a4a59f3331601faa
Static task
static1
Behavioral task
behavioral1
Sample
cc366f74f3a57b174cfcb3d769ed5042e4e3b3f3daf611574d5ee6f09be8ea39.zip
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
cc366f74f3a57b174cfcb3d769ed5042e4e3b3f3daf611574d5ee6f09be8ea39.zip
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
Purchase Order.exe
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
Purchase Order.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: Safirxxx01
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: Safirxxx01
Targets
-
Target
cc366f74f3a57b174cfcb3d769ed5042e4e3b3f3daf611574d5ee6f09be8ea39
-
Size
488KB
-
MD5
1520dce1c9e2ed239b4c9a22cf57eed7
-
SHA1
1ca4cd8f6eb2929262a1cf528e73309cf7e0ae94
-
SHA256
cc366f74f3a57b174cfcb3d769ed5042e4e3b3f3daf611574d5ee6f09be8ea39
-
SHA512
dbe9fbdcb7f71d962ec75559c00a78dd75df23e6a3a1838ef9a5fcda72366143e7e9815ce772fdd38240f3d39ccd4f74a50b7b94591bed57a4a59f3331601faa
Score 1/10
-
Target
Purchase Order.exe
-
Size
598KB
-
MD5
fe5426be581da9253481c54aaabcd47d
-
SHA1
952d80126435cb1bf5be98dc15e37d93410b1ef3
-
SHA256
d5525bf39c73e96c70c1426c09e3431fcc7853b1f9920577aa3cd4596f209762
-
SHA512
e39fc25d4ad6d8b76d543fb113631983f77a2043aacfabd495da485ce6808b089c1253f7e2c961e1147187ed5b498e525ea758720b49dca756ca8b45b9f6af0c
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely used as a geofence.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext