General
Target: ffcb2695595edb1038f01ac39dc24830d955352ae9880f983ff2e22137357f18
Size: 452KB
Sample: 220521-nx7qysece9
MD5: 852239424be81f0464683f9dafade49d
SHA1: 03ff5973da6428080908426a3556d1ca935a548c
SHA256: ffcb2695595edb1038f01ac39dc24830d955352ae9880f983ff2e22137357f18
SHA512: 604ac65b590a9742f3ff6367712f57f476829d633860441964ece5d918444974f47e5c3e1188716b0ef4c542d8aff1e930bb54813d8077f482992ab84830e15f
Static task: static1
Behavioral task: behavioral1
Sample: Purchase Order.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Purchase Order.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.amexworldwide.com
Port: 587
Username: sujit@amexworldwide.com
Password: sujit@41#
Targets
Target: Purchase Order.exe
Size: 518KB
MD5: 8feb32e81b0c570b023e62ccaa62459b
SHA1: 1d31d28aceb106ee34ed91e17b7d6b26b5bd4025
SHA256: 66a821494ff2c4e9d5dbe663572f4f46df6993b0a661a29cd4a3da18414b9527
SHA512: be8bd41f5ff1b93dd7e8f4171a8158876b9f2db3ad13471ed76a10c57ae89782d45b80d8ccd9a23adda0b5002bc3f97e52ecfbf054838fd01db024c5b65041f8
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext