General
- Target: db769d7bd183986649c1deb6c82517a37ed2dddd53217bbf52a1480276519fa3
- Size: 478KB
- Sample: 220521-cf12asghbk
- MD5: e26d05576224f793d510b7245e481d6d
- SHA1: 5edacbcaebe8d6f2f3ed866298e28536364042db
- SHA256: db769d7bd183986649c1deb6c82517a37ed2dddd53217bbf52a1480276519fa3
- SHA512: 929d76b7564217c7fc8a97cb698d267f1d3f0c32b26af0b992c4b2fdc60b7f459dfae6bf50a7d46b67206e035937b42bc55f1e56979f5962d1b66893ed53e420
Static task
- static1
Behavioral task
- behavioral1
  - Sample: NEW PURCHASE ORDER.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: NEW PURCHASE ORDER.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
- agenttesla
- Protocol: smtp
- Host: mail.pptoursperu.com
- Port: 587
- Username: [email protected]
- Password: mailppt2019-
Targets
- Target: NEW PURCHASE ORDER.exe
- Size: 502KB
- MD5: c8aa43fa29e981c8e0a1a307c703a948
- SHA1: 31a6ac6ad48d14f6719086f343d5c74a1657dd0f
- SHA256: 661a23fbb68a04d534e7dc2f481065984141666fac72ef0a5342a622c0a1fba3
- SHA512: b89c07b893cdd86ba697b00740d769b7d46c4e19ea9046919f953c45bcd66969de3807c481a4a1036b943f0a41015eead66b3333d8ef6710355a3dfef3bb0056
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext