General
Target: 7891945fe579c68b0a6d1dd2fbcd938f798f73388f9b1e14c58cebcf46926135
Size: 435KB
Sample: 220521-almpraade5
MD5: 38d0fa30b578df4a1a8ea3031ed45cdd
SHA1: f56955ca3f4b5893f72b3613376834bb0c4d2203
SHA256: 7891945fe579c68b0a6d1dd2fbcd938f798f73388f9b1e14c58cebcf46926135
SHA512: 45d9caa2e1c8af9525575668f31a972b5423d00adf67c1e494222d1fe2c2adfb65a9ca88f02f467d9ab3e8986e1ba4eebcb3ae3a28e68ae6c2276bfdec927ef0
Static task: static1
Behavioral task: behavioral1
  Sample: Purchase Order for 0514 BUY F20.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Purchase Order for 0514 BUY F20.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.framafilms.com
Port: 587
Username: [email protected]
Password: lister11
Targets
Target: Purchase Order for 0514 BUY F20.exe
Size: 671KB
MD5: c56ab7ff3f6c1b4018f614beff6bd54a
SHA1: c080a65940c4a07ca45051bfd05848d64d31c005
SHA256: a1f25cc2116efd8dab8b7865597f22571937f38c8fa06279b45c3ddfbf6df5b7
SHA512: 542fa99b1263755cb9bccfbc9a7f06e864078a22087adde36ed8cb88d0c9ea7db664af9ed6e2ba9fed6a1d8d6d467b7bb7ba9cbb5674ab45d00f3d4b9e70f6a2
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext