General
Target: f5ba380953345439bbdfb42f63f8965dbbf991e41213d7ad3ceb4e23ef78ecab
Size: 510KB
Sample: 220521-m4mtpadac6
MD5: 915e7100f86357266c2b37db1ce77e4f
SHA1: c34c162becbb6cee7e93a45d2e595e435247036f
SHA256: f5ba380953345439bbdfb42f63f8965dbbf991e41213d7ad3ceb4e23ef78ecab
SHA512: bf6172c685631f94947234d2394a11f15d7142b4cdb010721168e407dcea2ccc21278585eefcce6806854b3394346ae8b6560a29c8ca0047b69d7b3b482db58d
Static task: static1
Behavioral task: behavioral1
Sample: Purchase_Order_111982111.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Purchase_Order_111982111.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.acroative.com
Port: 587
Username: [email protected]
Password: onegod5050()
Targets
Target: Purchase_Order_111982111.exe
Size: 819KB
MD5: 070dc07c464b01a1f7bb9b3561ab5df1
SHA1: 5f5305e1fdc2e675adb13cb83bd231cf93019e1c
SHA256: 2fcc3c49cbacd359f308ab59cbafdec24f95d4b638bf9c2fd5dd466379dac3aa
SHA512: 3c154b94d7129f19ef2f87ff9180649658fee56e7652c2cbf455db8ac5fe4cad8c96746e44bc8a846e4233b7bffdd2a78db8b546820ecd4ceaee5c5cb8f0c1cd
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext