General

Target: 68366fbfc371a00988bb89cfda2b233eef766df1eaafbafbcf0233c0e3ef96b0
Size: 1.0MB
Sample: 220521-m8k6nagdbj
MD5: 0b2a5d2fea9c4d8800d761ab8074ec19
SHA1: 119e2301ebc708f651b94617cf21cd80841e2c7e
SHA256: 68366fbfc371a00988bb89cfda2b233eef766df1eaafbafbcf0233c0e3ef96b0
SHA512: 48acdbc3e43d174f939aeefe6c75a2bfe2f3a1668ded16595f0f240e6af4c1ce13ccd90633191f9b7b533c2811b05a276130eb4dac35e66a7707048d31c7fb45
Static task: static1

Behavioral task: behavioral1
Sample: Purcahse Order.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: Purcahse Order.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: barry@haulifeng.net
Password: $WgsN%^7
Targets

Target: Purcahse Order.exe
Size: 1.4MB
MD5: cd98063489088c8d9fdd75d9a91bd325
SHA1: 94e59c14b25fcef95a86d32cd0ff1886236ec162
SHA256: 10c418adf1fc625bede0ca0fdb71bafbba3570e99e96f44f362b82ac34b78626
SHA512: 9fe9b7f2f53f07a9ed80459aa09270a5535b01bb1f716aec461240be2e075a5ca146c89684b1963d8333f666ac82dfc132c8d8b88aa495fd66e799b6199679a1

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload
Drops startup file
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext