General
-
Target
PURCHASE ORDER.exe
-
Size
478KB
-
Sample
221129-lhmfcsae6x
-
MD5
617284cf0e998d2c674f9a088f5f26b5
-
SHA1
7e8f4e29129e8763f283d59edf690a08112a3928
-
SHA256
4aa297bde35def31be26acfc7408d508de921d2c484a354dc094898b1eb37b5b
-
SHA512
1592c6eabbfba5c8b568558ad182254e3b56297030106cdae1b960ebf03d3667288370025505db145fc6f0906d8daec18710d096854cc86409f8e5db53600819
-
SSDEEP
6144:Al0y/09dRjKGoM7cVq9llezhNZrLOnx3ourCktWBGLcDdFRRvf+2bUN3O7IPQXBi:Al8KqgAMXhqyx4oz22DzXBXozDT2x
Static task
static1
Behavioral task
behavioral1
Sample
PURCHASE ORDER.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
PURCHASE ORDER.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.svcnc.com - Port:
587 - Username:
[email protected] - Password:
Krupashine@6791 - Email To:
[email protected]
Targets
-
-
Target
PURCHASE ORDER.exe
-
Size
478KB
-
MD5
617284cf0e998d2c674f9a088f5f26b5
-
SHA1
7e8f4e29129e8763f283d59edf690a08112a3928
-
SHA256
4aa297bde35def31be26acfc7408d508de921d2c484a354dc094898b1eb37b5b
-
SHA512
1592c6eabbfba5c8b568558ad182254e3b56297030106cdae1b960ebf03d3667288370025505db145fc6f0906d8daec18710d096854cc86409f8e5db53600819
-
SSDEEP
6144:Al0y/09dRjKGoM7cVq9llezhNZrLOnx3ourCktWBGLcDdFRRvf+2bUN3O7IPQXBi:Al8KqgAMXhqyx4oz22DzXBXozDT2x
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-