General
- Target: 28bcd15ca5ae9a90d96c47fdef3babfc7340f8389ba4a430f758558b41595097
- Size: 283KB
- Sample: 220521-b2f3kscha7
- MD5: ffeb4de40dd54a24c3a9d1c4024715c3
- SHA1: df5cab2032d3e4a97636430c5b6204e55445b01c
- SHA256: 28bcd15ca5ae9a90d96c47fdef3babfc7340f8389ba4a430f758558b41595097
- SHA512: 71b8bd3bcf208d036138270a90249a63394a97397cc85a98bc37c3863443b8bfbb7946e89eaa4c156428c31efcd64d030a6540c840c6f82789a8165f4f2e3238
Static task
- static1
Behavioral task
- behavioral1
  - Sample: Purchase order - products listing.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: Purchase order - products listing.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.daiphatfood.com.vn
- Port: 587
- Username: [email protected]
- Password: jn&6kG~_w;;A
Targets
- Target: Purchase order - products listing.exe
- Size: 341KB
- MD5: 86170f4ae6169a75285ab2f425773c5f
- SHA1: 2bf793b6ea03f3841753b4e87c075b0bb92400f8
- SHA256: 330e6f2570ed6549af122ac6fbaa1ebbe4372471fa8e1c671371ba46186ee76d
- SHA512: ed2e90daf20f952714f7d02a0dae5173bb83664307e52de8caf86aa3322c60fa97d7487d2a8bef4c14f73cefb438e30b67977c71e31258b3ebd27470116b3ac5
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext