General
Target: 0ea05fa1a2e9b96aeb35fecd889298bf6d67bdd12e2e5810a07e45bff86d2c9c
Size: 373KB
Sample: 220521-ppfsyafgb2
MD5: 67a0a5ced3d26f4d7c8c0359d791b63f
SHA1: bc8e3b038b0b51a40b263b678cf0d78848ee895d
SHA256: 0ea05fa1a2e9b96aeb35fecd889298bf6d67bdd12e2e5810a07e45bff86d2c9c
SHA512: af4bebb73709ab4514384e1cafec1b32dfba7bce5f26f23430a98dd3e1c9463fb5bf0d2f43610757bc9e7ae5dd011e15a8c8a72158a8b7ebcaad891961c2c8a4
Static task: static1
Behavioral task: behavioral1
  Sample: New-July-PO-07545767-TR768669-Order_Sample-Quote,xlsx.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: New-July-PO-07545767-TR768669-Order_Sample-Quote,xlsx.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.dsb.co.th
Port: 587
Username: chakrapat@dsb.co.th
Password: Dafnke23
Targets
Target: New-July-PO-07545767-TR768669-Order_Sample-Quote,xlsx.exe
Size: 412KB
MD5: 495fefe3f258ab11a285d3fddf0ac160
SHA1: f2f9c5b1f8424715ed3263cc3bb2de9c4535940e
SHA256: 0be3470e0c0afeded793f139be36a34de63714490ff86e5a9e0fa9a584ea20cc
SHA512: f6c8980dfa3d2c0a7810076820ebb7be494314b8e9fbbefdec57ded94e680dd94a9159d0735ace6495769d11d1efb71862b79a90fa9c88f45afae25d671c1847
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer. The extracted configuration shows this sample exfiltrating over authenticated SMTP (mail.dsb.co.th, port 587) using the credentials listed above, so that host and account are the indicators to block and hunt for.
Signatures:
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles (the registry keys where Outlook stores account settings, harvested for saved mail credentials)
- Suspicious use of SetThreadContext (a common step in process hollowing / code injection)
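Added triage example, not code from the sandbox report or from the vendor: it parses the flattened "Extracted" configuration text exactly as it appears above into clean fields, then runs two detections over constructed Sysmon-style endpoint events: an outbound connection to the extracted SMTP host and port, and access to Outlook profile registry keys by a process that is not Outlook itself (the behaviour behind the "Accesses Microsoft Outlook profiles" signature). The event field names, file paths and the Outlook profile subkey are assumptions for illustration; only the configuration text and sample name are taken from the report.

```python
"""Added triage helper for the AgentTesla report above (not part of the report)."""
import re

# Copied verbatim from the report's "Malware Config / Extracted" block, including
# its flattened "Key: value - Key: value" layout and line breaks.
EXTRACTED_CONFIG = """Protocol: smtp- Host:
mail.dsb.co.th - Port:
587 - Username:
chakrapat@dsb.co.th - Password:
Dafnke23"""

SAMPLE_NAME = "New-July-PO-07545767-TR768669-Order_Sample-Quote,xlsx.exe"

# Assumed locations for illustration only (not observed in the report).
MALWARE_IMAGE = "C:\\Users\\victim\\Downloads\\" + SAMPLE_NAME
OUTLOOK_IMAGE = r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"

# Outlook stores account settings under HKCU\Software\Microsoft\Office\<ver>\Outlook\Profiles;
# the profile GUID subkey used in the events below is illustrative.
OUTLOOK_PROFILE_RE = re.compile(r"\\Microsoft\\Office\\\d+\.\d+\\Outlook\\Profiles\\", re.I)
PROFILE_KEY = (r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"
               r"\9375CFF0413111d3B88A00104B2A6676\00000002")

# Constructed Sysmon-style events with assumed field names; not real telemetry.
EVENTS = [
    {"event": "network_connect", "image": MALWARE_IMAGE,
     "dest_host": "mail.dsb.co.th", "dest_port": 587},
    {"event": "network_connect", "image": OUTLOOK_IMAGE,
     "dest_host": "smtp.office365.com", "dest_port": 587},
    {"event": "registry_access", "image": MALWARE_IMAGE, "key": PROFILE_KEY},
    {"event": "registry_access", "image": OUTLOOK_IMAGE, "key": PROFILE_KEY},
]


def parse_agenttesla_config(text):
    """Turn the report's flattened config text into a dict of lower-cased keys.

    Line breaks are collapsed first; fields are then split on the hyphen that
    precedes each 'Key:' token, so both 'smtp- Host:' and '.th - Port:' split
    correctly. The port is returned as an int so it compares against event data.
    """
    flat = " ".join(text.split())
    config = {}
    for field in re.split(r"\s*-\s*(?=\w+:)", flat):
        key, sep, value = field.partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        config[key] = int(value) if key == "port" and value.isdigit() else value
    return config


def triage(events, config):
    """Return (signature, image) pairs for events that match the extracted C2
    endpoint or show a non-Outlook process reading Outlook profile keys.

    Outlook itself legitimately touches its own profile keys and talks SMTP on
    587, so the image path is used to keep the real client out of the findings.
    """
    findings = []
    for ev in events:
        image = ev["image"]
        if (ev["event"] == "network_connect"
                and ev["dest_host"].lower() == config["host"].lower()
                and ev["dest_port"] == config["port"]):
            findings.append(("c2_smtp_connect", image))
        elif (ev["event"] == "registry_access"
                and OUTLOOK_PROFILE_RE.search(ev["key"])
                and not image.lower().endswith("\\outlook.exe")):
            findings.append(("outlook_profile_access", image))
    return findings


if __name__ == "__main__":
    cfg = parse_agenttesla_config(EXTRACTED_CONFIG)
    print("exfil endpoint:", f"{cfg['protocol']}://{cfg['host']}:{cfg['port']}",
          "as", cfg["username"])
    for sig, image in triage(EVENTS, cfg):
        print(f"{sig:24} {image}")
```

Run against real telemetry, the network check is the cheap, high-confidence one: an SMTP submission to mail.dsb.co.th from anything that is not a mail client is the exfiltration channel the config describes. The registry check is noisier and should be scoped to unexpected parent images, as done here, rather than to the key alone.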