General
Target: 9ca36497072eba5668cc4392a957f557791343f5d82b0b986c6e032cd97d18f6
Size: 494KB
Sample: 220521-cxkqmsefc5
MD5: a6a065c86c9a14ef844ba63a49b67909
SHA1: b59050c28b153e835d1442c87da5779aef7a16ea
SHA256: 9ca36497072eba5668cc4392a957f557791343f5d82b0b986c6e032cd97d18f6
SHA512: b5d338364741f3a7b5ed5ee0b3f7156dbae8a4614565b8f558f9999f5c312ead37381f918d0018846e619b5e4cc2b7dff00037c9c4a62b53d5827d0c8ba79936
Static task: static1
Behavioral task: behavioral1
Sample: Purchase Order.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Purchase Order.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.svpcelectricals.com
Port: 587
Username: [email protected]
Password: svPower@2020
Targets
Target: Purchase Order.exe
Size: 546KB
MD5: 9773ee81c3f9e99d2a49eadca3781fcd
SHA1: e2d4d319ff955aca80862eb81bdbd29b487020cc
SHA256: 5bdb143b6d0d8d887824029cdf05abde0588afae43078ccc565f9eb4aaa3d6f2
SHA512: 104cab226d60d5ad418b02f3d379e817919130d46d1cc8669e1a59afa468d90526ac57927517938e6649d311df73bebecb52e0aaeef23e805a7f11cbad12428a
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext