General
-
Target
PURCHASE ORDER # 12076038 & 12076022.exe
-
Size
897KB
-
Sample
221129-z5k3psca5w
-
MD5
152c62372d3ea07d023e1e187766fd4b
-
SHA1
32b630bc22b63d7eee42851175ebe43a13a92c15
-
SHA256
b3e12ecdee9eacc7354a7d43ccd3ebe7e6db207e93f73b7a847ff4bee9f27f86
-
SHA512
cde084b3ad2e0e7068b4e48d7a58f1173d17bd297a95f3c4af7ee104a80e3d9189d93877f044d652de42f13d6e6c446be97fc2c74d4ae857e93a10f84c68dce7
-
SSDEEP
24576:A7mvLPt69/L1tmzf5LzjG1Vq5p73+KXGUInp:Di/L1t8F61VqP3+KC
Static task
static1
Behavioral task
behavioral1
Sample
PURCHASE ORDER # 12076038 & 12076022.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
PURCHASE ORDER # 12076038 & 12076022.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.dmstech.in
Port: 587
Username: sanjeev@dmstech.in
Password: 0]6F9Az.pqfd
Email To: zakirrome@ostdubai.com
Targets
-
Target
PURCHASE ORDER # 12076038 & 12076022.exe
-
Size
897KB
-
MD5
152c62372d3ea07d023e1e187766fd4b
-
SHA1
32b630bc22b63d7eee42851175ebe43a13a92c15
-
SHA256
b3e12ecdee9eacc7354a7d43ccd3ebe7e6db207e93f73b7a847ff4bee9f27f86
-
SHA512
cde084b3ad2e0e7068b4e48d7a58f1173d17bd297a95f3c4af7ee104a80e3d9189d93877f044d652de42f13d6e6c446be97fc2c74d4ae857e93a10f84c68dce7
-
SSDEEP
24576:A7mvLPt69/L1tmzf5LzjG1Vq5p73+KXGUInp:Di/L1t8F61VqP3+KC
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext