General
- Target: dd1e5f110d011e4037fddb9af20ff6072831732aeddfbb0286bfea8b2c316631
- Size: 947KB
- Sample: 220521-mm35cacaf5
- MD5: 97c5f799d0b39884b27dec44901e36a4
- SHA1: b5230eee88a24d5a8d45303249ee2a523a37ede7
- SHA256: dd1e5f110d011e4037fddb9af20ff6072831732aeddfbb0286bfea8b2c316631
- SHA512: f9704a6e5c12ff50859f938c338f6e648b5f83f06839146c265b5fdb3f9c704f3a49cfc0586d483e20be77de4158e05d917d4cfbb04195d7a012f350b0ce2893
Static task: static1
Behavioral task: behavioral1
- Sample: Purchase_Order_06092020.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Purchase_Order_06092020.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.poongln.com
- Port: 587
- Username: [email protected]
- Password: qwA*haO2
Targets
- Target: Purchase_Order_06092020.exe
- Size: 1.3MB
- MD5: 928759eb97e1f91002f40e4dbfc6e915
- SHA1: 4408033df66fc210652d5110dbcead2f0df30398
- SHA256: f415c372a8189ef9c11af791c64d35cd6bebf3d65fb295f9f5aaf04138a44abd
- SHA512: c18799a3dc14cde8eaabb8debbf8d455f8d53edce6c37193242d70315c7be79294bca86e24934f338a22597c0b895a7e9e6f432c88dfb0a51672c646daebf672
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext