General
-
Target
purchase order No. 4502717956.z
-
Size
660KB
-
Sample
221208-qfbcjada8s
-
MD5
0d4571f1099fd1ed70b80b6a53bce4ad
-
SHA1
02ae898b8689db80f654d0e163500edf18a78a9d
-
SHA256
84e4b585faaac8c0fd26c1c2c5ad4d44d271e72dc65cf9625eb7266ac960fc14
-
SHA512
2d61206ba30424e6ff1e7ca4267bfa1efcbc00535c489d9b70ac5209a3cff81c5a4ca3a3c31e624b17a71e66ce81463021631bdc46a778fd38b7b716e05a834f
-
SSDEEP
12288:IzWX+Yv1OqSLUbMCLkLbvSJMBKWtBq2+D9Tfr/Vconfb7hfdBdI:ISXDn5LkLVKW2tRbRconfPxdY
Static task
static1
Behavioral task
behavioral1
Sample
purchase order No. 4502717956.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
purchase order No. 4502717956.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.reousaomilia.gr - Port:
587 - Username:
noratsoukala@reousaomilia.gr - Password:
nora2020! - Email To:
orginbox@yandex.com
Targets
-
-
Target
purchase order No. 4502717956.exe
-
Size
738KB
-
MD5
27d631027838d94262fe33e8b76b0543
-
SHA1
3fd40787525906c92cf9d485299e4d06b6043407
-
SHA256
b7394e25936c4fd44716fcdcce914a35c0cdb0980e4527035681df4f800520e7
-
SHA512
07b34c65df7e9f80cbe84c11c290cd64dca7ee2394ec47c9ef39dad3640ffc47e73895c769b2160d912013d79250379dde2fc363dc2cfcc64374539f08573c5a
-
SSDEEP
12288:awlxmomPZefGPtqvyuzj8DNaHHAq17pKbZaws+iKvaSUih4qxs4jnTS+Co3ry/J:GomxiGQFviaub0wnieNfm46+RuJ
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-