General
Target: 27fcab0d42fd182772b088b02fa0fb3cc52e7f30c9a8fee9756c2245d63f12bf
Size: 479KB
Sample: 220521-mzrxvafhbr
MD5: 5a828f6b893e69c85b9d485ad2385dd7
SHA1: c259ceb45b1071f5ba3d0e549aeddf3a62aa3992
SHA256: 27fcab0d42fd182772b088b02fa0fb3cc52e7f30c9a8fee9756c2245d63f12bf
SHA512: b3b7b5f151bc1a96f4901e5a81a5d5f08abe5550b00dad7942b23c838f62ed25be90934006b0c24d5e06893bf84cd7ab44777cc7d91e3c1eaec835b4720218b9
Static task: static1
Behavioral task: behavioral1
  Sample: Revised PO# 453924.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Revised PO# 453924.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.hk-gruop-sg.com
Port: 587
Username: [email protected]
Password: YERuFGp7
Targets
Target: Revised PO# 453924.exe
Size: 775KB
MD5: 9943384ae07ee24b27111dcfa3ad3f28
SHA1: d05c756801a33f30c8c8c54c2513590a7ae56e97
SHA256: 345f849a0cfc012229e71b4c53ff148b9cadaecd692f624f917e35dfed7f820b
SHA512: 6a1944d0807e2646a4909a16d0ab9fce1d4cc74a1d90e7485172600580a83157bed1941929808b2dbfabfa7e90007ea4624d61af406326682a3a1f9244863176

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures:
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext