General
Target: e5782f3b98860dedcbb1a885dbcbbad66e44c9c59c0a63ccce2f4afd95fd6ff7
Size: 276KB
Sample: 220521-nyxblsech3
MD5: 6ef801e57eacf5c316383d247391deef
SHA1: 2013f56a982dd44f7462168ce7e0ae86fc232417
SHA256: e5782f3b98860dedcbb1a885dbcbbad66e44c9c59c0a63ccce2f4afd95fd6ff7
SHA512: fb8d1a4a70e812609229f723bcc5241bcdf247345cb6b2dd87d34f5703f0819d08bf24120a0b05fe025884a4fd8b8c6a8205271119650049445ef76b7a133d81
Static task: static1
Behavioral task: behavioral1
Sample: PURCHASE-ORDER00233.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: PURCHASE-ORDER00233.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yltab.com
Port: 587
Username: imre.macsuga@yltab.com
Password: VdwhsPd5
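The extracted configuration is the most actionable part of this report: the SMTP host, port and credentials are the sample's exfiltration channel. The following is an added example (not part of the sandbox report or of any tool it was generated with) that parses the config block exactly as it is flattened on this page and turns it into network indicators plus two Suricata rules. It assumes Suricata 5+ rule syntax, placeholder SIDs starting at 1000001, and a constructed copy of the config text as its input; nothing is fetched from the network.

```python
import base64
import re

# Constructed copy of the "Malware Config" block as rendered on this page,
# line breaks and stray " - " separators included, used as parser input.
RAW_CONFIG = """Protocol: smtp- Host:
smtp.yltab.com - Port:
587 - Username:
imre.macsuga@yltab.com - Password:
VdwhsPd5"""

KEYS = ("Protocol", "Host", "Port", "Username", "Password")
_KEY_ALT = "|".join(KEYS)
# A value runs from its "Key:" up to the next "Key:" token (or end of text);
# the dash/whitespace separator between fields is consumed and discarded.
_FIELD = re.compile(r"(%s):\s*(.*?)\s*-?\s*(?=(?:%s):|\Z)" % (_KEY_ALT, _KEY_ALT))


def parse_agenttesla_smtp_config(raw: str) -> dict:
    """Parse the flattened sandbox config text into the five SMTP fields."""
    text = " ".join(raw.split())  # collapse line breaks into single spaces
    cfg = dict(_FIELD.findall(text))
    missing = [k for k in KEYS if k not in cfg]
    if missing:
        raise ValueError("config is missing fields: %s" % ", ".join(missing))
    cfg["Port"] = int(cfg["Port"])
    return cfg


def build_iocs(cfg: dict, sid_base: int = 1000001) -> dict:
    """Derive network indicators and Suricata rules from a parsed config.

    sid_base is an assumed local SID range (placeholder); choose your own.
    """
    host, port, user = cfg["Host"], cfg["Port"], cfg["Username"]
    # SMTP AUTH LOGIN sends the username base64-encoded in the clear, so the
    # encoded string is a usable content match as long as the session is not
    # wrapped in STARTTLS (on 587 it often is; the DNS rule still fires then).
    user_b64 = base64.b64encode(user.encode()).decode()
    rules = [
        'alert dns $HOME_NET any -> any any (msg:"AgentTesla SMTP exfil host lookup %s"; '
        'dns.query; content:"%s"; nocase; classtype:trojan-activity; sid:%d; rev:1;)'
        % (host, host, sid_base),
        'alert tcp $HOME_NET any -> any %d (msg:"AgentTesla SMTP AUTH LOGIN with extracted credential"; '
        'flow:to_server,established; content:"%s"; classtype:trojan-activity; sid:%d; rev:1;)'
        % (port, user_b64, sid_base + 1),
    ]
    return {
        "host": host,
        "port": port,
        "auth_login_user_b64": user_b64,
        "suricata_rules": rules,
    }


if __name__ == "__main__":
    iocs = build_iocs(parse_agenttesla_smtp_config(RAW_CONFIG))
    print("exfil endpoint: %s:%d" % (iocs["host"], iocs["port"]))
    for rule in iocs["suricata_rules"]:
        print(rule)
```

The DNS rule is the more robust of the two: it fires on the lookup of the exfil host regardless of whether the SMTP session is later upgraded with STARTTLS, whereas the credential rule only matches if the AUTH LOGIN exchange is visible in plaintext. Treat the extracted credential as compromised and report it to the mailbox provider rather than reusing it for anything beyond detection.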
Targets
Target: PURCHASE-ORDER00233.exe
Size: 404KB
MD5: c6d759a4ea7a7e72a78f421e97e5b3f8
SHA1: 7e7ed9f700dcb6afe93f2853b2274f8da17489a5
SHA256: 49b1f7cc23794aec475e17c94f1d60270d66e9d24ea9728fc9dc6134c0855292
SHA512: 0eaf8c02edee1c3d4dddd57e5f1d5612723334af59cde0c8fc5c68b935b46e1bee022ec67f19775c43170d54bdf84fea914bfce945ef3ff5c38c3aabbe882b9d
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic (.NET). This sample exfiltrates over SMTP using the credentials in the extracted configuration above.
- AgentTesla Payload
- Drops startup file
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext (calling SetThreadContext on another process is the usual signature of RunPE-style process hollowing)