General
Target: b161d990ac7fc79dccf2aa0b91617c5f74b8e21f3ab7ac6ee0a2c64d7699c79c
Size: 405KB
Sample: 220521-nebkssdef9
MD5: 3fb64fd67a3697cf7bc4958825058598
SHA1: edee95f63ef0183f6eca44515433dad5103f7ed1
SHA256: b161d990ac7fc79dccf2aa0b91617c5f74b8e21f3ab7ac6ee0a2c64d7699c79c
SHA512: e87e2c732a11adfd9afa7d5b4ecf87a49275fc6b5738dc572fc78db044114c47ac85825bf9da7de6237db3a4d80e2e9d383761b3b514c9ab0c98af323c33e6dc
Static task: static1
Behavioral task: behavioral1
  Sample: Purchase Order.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Purchase Order.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: r112ds144.redewt.net
Port: 587
Username: facturacao@inbiz.pt
Password: Inbiz@facturacao_1357
Targets
Target: Purchase Order.exe
Size: 462KB
MD5: e09e313fa5ee3202756106bfe71d0880
SHA1: a1b02731c8e2f3f857618a0d36f4ae76cfae0172
SHA256: 0043a267bb9d97397eb15a8050ff107261ace407e9ad7e80ae32331e63d81139
SHA512: 33b45a668940d69e89d564c8aa9329e8d800ccf07c35625363e7083ab800280dad608280df1f9ef011d2849af4af6d0c33093e926b1665099b795fbabe6ede51
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext