General
- Target: f282b99dfbccdf631194f38ff4ba62bb9b79d3174a3c4ea6b08f2012110e4ba4
- Size: 243KB
- Sample: 220521-nyjqhsecg3
- MD5: 0d7392b601ea9c6eae39428b1dd0a32d
- SHA1: 98e0e20334621ed73012db099d3d8690a527280d
- SHA256: f282b99dfbccdf631194f38ff4ba62bb9b79d3174a3c4ea6b08f2012110e4ba4
- SHA512: 34dd41967e9f174053f2159f8e98229858bf7b31d8d775e30240d24b4045c2fc6242ecc572d5ea6ac099d9737d00d9542cdae33c35d8ad646f2411535c7e6f6c
Static task: static1
Behavioral task: behavioral1
- Sample: PURCHASE ORDER.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: PURCHASE ORDER.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.wasstech.com
- Port: 587
- Username: promotions@wasstech.com
- Password: Sunray2700@@
Targets
- Target: PURCHASE ORDER.exe
- Size: 334KB
- MD5: 7fef57af049ab9441f9d219f180c2216
- SHA1: 027a128a7e5a4ad584c062c95759759f8e8616cd
- SHA256: 6e1b968192bdf51820df2d4c83f322000331ecbf6a1f5e6c91301d2bfdf47637
- SHA512: 8fec6c1263710c69c83b66b6020a901558ce5c284d2a8f8b0ea7f720576197091ce136efdb427f288266755218a856a747945f9cacb2ce0c20f5efde739b9470
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext