General
- Target: 595b1c786ceef31f85e9abf84f8a1f217ede19cc00d6c80a961b16d3e8e5bb17
- Size: 395KB
- Sample: 220521-ba8nhsbfc3
- MD5: a3f23b714231ca1105c47113b17dc796
- SHA1: f7908c1863a4f0b8af38506808220e1d6822980f
- SHA256: 595b1c786ceef31f85e9abf84f8a1f217ede19cc00d6c80a961b16d3e8e5bb17
- SHA512: c944398f68ba962319c41edfbe672ec9ab310d0e28c4dc8f0d5a085d507d32806cf363fab50c4a4d84ba7d49c43c4f9b8ab447ff1d14760cd6c91e45253a7b2f
Static task: static1
Behavioral task: behavioral1
- Sample: URGENT (QUOTE) FOR POWTEK REQUIREMENT.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: URGENT (QUOTE) FOR POWTEK REQUIREMENT.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.japhethpumps.com
- Port: 587
- Username: [email protected]
- Password: #BkvzVF2
Targets
- Target: URGENT (QUOTE) FOR POWTEK REQUIREMENT.exe
- Size: 445KB
- MD5: bc61c30aca441ffb05cb6a7f4e20e398
- SHA1: c29af58853b9f0add9b799e5b6416c8c62b982dc
- SHA256: 664bab89e8bf8d8634eae118b560eddc60abf8866d8dba681ed3b50aadfce8c1
- SHA512: 6bb4233b113538fc9b6295285596bc8760cbcb6fac2438f9736b35f27af2aee9ff1d265d2f01175e7cb30dd3e3a889375d5e340bf7cf940860c7dc1739d33da6
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext