General
Target: 6d9edc2463192ab41345fd48b44d3ce69c47a2b70097c8e31a153190a18b2b1d
Size: 412KB
Sample: 220521-angxaaddgl
MD5: 6b0708c4751a9d8592aa97796d706523
SHA1: d72826024b7f979345ad6c4a33c4df0f5821e6a2
SHA256: 6d9edc2463192ab41345fd48b44d3ce69c47a2b70097c8e31a153190a18b2b1d
SHA512: 4b28dd52a2837a8cf14fa837a05051deb4956fe75443ac130a5a127133448d949c2e027c263bea4eb7da2d395e3b5d743c20239c3d2c28c3318732deb677ec04
Static task: static1
Behavioral task: behavioral1
  Sample: Purchase Order.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Purchase Order.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.threewaystoharems.com
  Port: 587
  Username: [email protected]
  Password: sales@123456
Targets
Target: Purchase Order.exe
Size: 455KB
MD5: 0de607d7e44900630a03902716cde06d
SHA1: 2996fc9fd8b2b09c56b26cfa675acfabe8ae9139
SHA256: 6567bac453fabf7e0049d881db8ee06561d7aee2262b8181c8e8788a3e18999d
SHA512: 93577c57782f91cfd88feee3746bae75a051d31aceb64b8291d5b8ecedc520e75473aedbd4ca9903a91bdd4aec3ebb33dd30d2bc37670ef843bc9c4b9443579f
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext