General
-
Target
D189FA119AE4415CEBDDF0B54910E7F37E1DA28C19246DF65657BFD35E5BF62F
-
Size
538KB
-
Sample
221123-r2eshsab43
-
MD5
27b1d3abfd4d880afe90f6abc698d618
-
SHA1
a1ff139b3791e62a14299cf0da6fa41535c977f3
-
SHA256
d189fa119ae4415cebddf0b54910e7f37e1da28c19246df65657bfd35e5bf62f
-
SHA512
f5a55ec6a4093487d961afde8a13ef1ca3fd33cc8e87688529715f5be9e2a6414f94b66767451b78d8d26e19b13eea0f7edf142ec26e7aefd74a76f4c7d95ba8
-
SSDEEP
12288:RuqqrbkW62Qwl+26QEVkJNC7/bbCPOPZMcxsrSXQMYCHID:w/rAW62NFkkMPUs3xYSgMYCU
Static task
static1
Behavioral task
behavioral1
Sample
Purchase Order......21-11-22.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
Purchase Order......21-11-22.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5467926675:AAHl4rZuFMBsQAWPk1ynhSWYCGcDxYqlg7g/
Targets
-
-
Target
Purchase Order......21-11-22.exe
-
Size
718KB
-
MD5
34b26dab00fad0c5d70277e58cb0b546
-
SHA1
7af5c0c05fc740c7dfa410235b6781c2f08bd996
-
SHA256
b1614082023a76f25d59eee39a1fc2377d7b678e5c6ad7d451f0477b374d6660
-
SHA512
ceb27d8fb939418e5b09a3e3897f93357b0404fcc8be385522494ec8d46aa14a933fdd293522c0ef50caf40d756bcc8fef95a0ec530ea40a4b3849558a2ce045
-
SSDEEP
12288:6PMsbBtXrT1rAChzf0y/lqwVaG/TTcrmvPd3FRu+fTbML+mxh+4NPBW4/nuisOLw:21rbhzfDtqAbbT3vY+fDmxhFggux+L7m
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-