General
Target: 82581ec9a7286aa77e44158cd9d163e43e1907be104caf4e437e98a82ef69b94
Size: 561KB
Sample: 220521-br98nsfdfp
MD5: e7581e429cea683a96567192518fb6b4
SHA1: 4186f0bcbd6e2abc48b53511340ed72690a17574
SHA256: 82581ec9a7286aa77e44158cd9d163e43e1907be104caf4e437e98a82ef69b94
SHA512: 1efa6f82f808b49421711117f4def75fae57c315078cac548ed058563b193ba021efc9974445c89bb16129fecef0cd699d464a413940ef19541162654a835d93
Static task: static1
Behavioral task: behavioral1
Sample: PURCHASE ORDER.exe
Resource: win7-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.villanika.gr
Port: 587
Username: [email protected]
Password: n2^-9wE@Wl}t
Targets
Target: PURCHASE ORDER.exe
Size: 705KB
MD5: a59b9bca7af17712ec8160ed449021c7
SHA1: adf4fff909bc2a50fff7f0b9f68c5f7ce079e0af
SHA256: 12025c0f03e21ce62c476f6d5a95d3de80ef8ad59fc3a552550d0c9e927458e4
SHA512: 3c3cf42d1ead104194df7ac4ec3104f95b33dceeeee3e9100e73bcdf0479f3e07aac08f9b9f6567f8e89356af8e744713e2bd6660a953bca7cf72e991cda1e0e
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext