General
Target: f1eb2eeb0503f0d22c7a8e72c8c6eb81a488593c1ff8aaba497d0e17f30bba18
Size: 388KB
Sample: 220521-bjzrzabhg5
MD5: e20ce9159cd27a6cc93d3889c484b51e
SHA1: 7c668db5d3f2ea2b857567dedbbd9da316749af0
SHA256: f1eb2eeb0503f0d22c7a8e72c8c6eb81a488593c1ff8aaba497d0e17f30bba18
SHA512: 3b02a3f933e3715aa469ec57e15e2483c9f1217702eedeb24dbcbbdf1dea96c9b64a332a5437fc2a28731c7391d4792b42e41562401552cde5a7847549b631fd
Static task: static1
Behavioral task: behavioral1
  Sample: OCPI Purchase Order No. 000138 (RV1).exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: OCPI Purchase Order No. 000138 (RV1).exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: smtp.imp-powers.com
  Port: 587
  Username: [email protected]
  Password: AHZlkhbJ1
Targets
Target: OCPI Purchase Order No. 000138 (RV1).exe
Size: 668KB
MD5: e4ebb2f1966b267ad97936ebf0b0b389
SHA1: 2a175c3b59bea0f304b4f7c184994579dd2dd475
SHA256: eb0e9ed08b862d15fc764a1f94b0c05b24387464d96321643872cdc9763a4142
SHA512: 2d40b3182b56432c535b19d82ee20b5ad66caa8a0b47875eec22c8e97bb275af4ea8c1fb188edcb93cfe5c82ba7fbf4f66d65d3236cb31c7838a5eb927605a7a
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops startup file
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext