General
Target: ORDERFT-PO-0276-22 & PO pdf.exe
Size: 696KB
Sample: 221128-ltcqasdg48
MD5: 039d27e10bb3182730ee0aa83aa5c5e3
SHA1: bbd636ede9b67666b07e64c7068d9dccba8aa041
SHA256: 824beccd394f8353802f6cb9c85da718fed66254e1ea95e8d34fef5a413242f6
SHA512: 5821457f9051efa53d520d6846689e87a4e6a851cae0ba0c5d46742702a9311c172edfe4bb11a8498a1332e538b50c55aaca2f1174d4b1fae9c5b706ca4def20
SSDEEP: 12288:HEc3pbKbfRW5754JLYRDb+InP2zgAZGm8NG5k3TgxHW1+:HfZbKE5iJLcCI4ZecKExH
Static task: static1
Behavioral task: behavioral1
Sample: ORDERFT-PO-0276-22 & PO pdf.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: ORDERFT-PO-0276-22 & PO pdf.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: info@post-xreo.com
Password: WEf*ZBI1
Targets
Target: ORDERFT-PO-0276-22 & PO pdf.exe (696KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures:
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext