General
-
Target
867950b663ee967302ad779027896ff43959c187a90213feee68f8bd9cbf7288
-
Size
463KB
-
Sample
220521-ahlnaadbem
-
MD5
ba1baa08d168d79a8f027851afaa90ad
-
SHA1
f7aecb30ab163f98ac8b6de0ee793ccb27708d1f
-
SHA256
867950b663ee967302ad779027896ff43959c187a90213feee68f8bd9cbf7288
-
SHA512
e31e7e6a521c9e02434c62163e08dc00b77212972677612f8ab0a2b98189c990a56edcf46ebb37be86c8988034dbbb750abae3b609df951390fb71eea7f7fbfa
Static task
static1
Behavioral task
behavioral1
Sample
PURCHASE ORDER.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
PURCHASE ORDER.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.multitec-bo.com
Port: 587
Username: [email protected]
Password: FZKKsbpuTP7C
Targets
-
-
Target
PURCHASE ORDER.exe
-
Size
656KB
-
MD5
e833f0a6a687ba18cdf1420d96cbd49f
-
SHA1
4bbd88d670dec3f6f950963bfaf073f858a87df7
-
SHA256
5f40b1ff08765cda7d760a4eb7f6e0a21f67c4ec5b0bd395c776cb655bd075c7
-
SHA512
711495f95ad0611abef51f3bdf719d89ba2700c2c0614834d0da331724c7681da701019b502c72aa03bca8d8fcb5c366d8b2e77d4dc814e6d24646ce98cd353d
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-