General
- Target: 7959339db1709eabe418e3ca540f004fa7859fc53153ecfea1e64fd372d92f37
- Size: 589KB
- Sample: 220521-aldf3sdchj
- MD5: fb0ecb8c3c946332d005ddea5430b273
- SHA1: e29289dcfd084f7c8a2d413256243ff889a83db9
- SHA256: 7959339db1709eabe418e3ca540f004fa7859fc53153ecfea1e64fd372d92f37
- SHA512: 89d794dfa7a415f8f34151191dc02fa5137fb4ac14c9cb5346f7d247fb2372d9691185c96320fb75ece70cd1b403da46ca9bcb0dd928d4304488bbd821e3abc4
Static task: static1
Behavioral task: behavioral1
- Sample: PURCHASE ORDER.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: PURCHASE ORDER.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.a-k.co.ir
- Port: 587
- Username: [email protected]
- Password: 09133434194
Targets
- Target: PURCHASE ORDER.exe
- Size: 849KB
- MD5: fe96b4b87c6023b699ccc5ece8485e14
- SHA1: d29f6473b45d6dd8d9c89e376cf87e004278cd9a
- SHA256: ee24bdde3b389e8776f89333aa2a9fe433d8a49c22a7b594b0db8f70b868de1a
- SHA512: 7900e2a057a9a13e48d2642d7dbabb779c52263bb002cc20d07a6dbb68b67c4f9ce7b6962d027c184b93a0c9a14ec6b2247c7b05ec59f003aa117f5129f366d6
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext