General
-
Target
0fc3fcc55afe03bd93d0599e6cfcfea432632a27ca203ccef2e924af560e50eb
-
Size
566KB
-
Sample
220521-bye14sfgcj
-
MD5
f67518435cc93454c4ed2619a18127cd
-
SHA1
6ba3fcac5beb77846a64b400d0a111184ab03085
-
SHA256
0fc3fcc55afe03bd93d0599e6cfcfea432632a27ca203ccef2e924af560e50eb
-
SHA512
21e25b8fb4218b96f74710b4d542059d8edb0802d3e5879e8a5e8b8030d305ead58f6a82383c77f9de86c748a1638e7c57d42e724f258fec24fe144bed24652e
Static task
static1
Behavioral task
behavioral1
Sample
Purchase Order.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Purchase Order.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.ppmm.or.id - Port:
587 - Username:
[email protected] - Password:
nasiuduksutrisno12345
Extracted
Protocol: smtp- Host:
mail.ppmm.or.id - Port:
587 - Username:
[email protected] - Password:
nasiuduksutrisno12345
Targets
-
-
Target
Purchase Order.exe
-
Size
889KB
-
MD5
ae05ce1870f5642d5293b066f88764e6
-
SHA1
bcc56b22eae1e7de94d8379135e32eb719ff00e0
-
SHA256
5a42016adf1b9ebf187ac9294fe000c2df6ad474278673bcbe64925357a78363
-
SHA512
a1d90c9a9abe9faaafe7ebfda4a789ce96b2df7437d33cbd204e4dec5f161f562b74802a162ddc05d3f813cfcc04dbc4ab2489855d1e8948808881cd7bfc0c9c
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-