General
- Target: pol.zip
- Size: 1.0MB
- Sample: 230327-tkesasgc6v
- MD5: 61493e7edac66d05b886c4eacfc2bf6f
- SHA1: a6dd3be37c80b480036c9a49cabe1e431e3c0232
- SHA256: 62705b6f4641444e00c38eba57c5ba5947ca34bf5ac8691a915c8f0fff6afd23
- SHA512: b35db12cd2598ff2f5c0ba429a0ad1320289a33832c048d510de4d9cee551a764933f008beb49a153a38bd9f6582d4c1e320fe38bcc0a7e1884eae1a2b4e8c4d
- SSDEEP: 12288:ZWGL+xfbXl+HzPRkDB1gEdnfSJPFXpqXqOYEgkOCIwzvoeJAULS80zRWuqOHA:6J+rRkDB154JPbqJYEECI4vJx7mExz

Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: PURCHASE ORDER.exe
  - Resource: win7-20230220-en
- Behavioral task: behavioral2
  - Sample: PURCHASE ORDER.exe
  - Resource: win10v2004-20230220-en

Malware Config
- Extracted: agenttesla
- https://api.telegram.org/bot5954474519:AAEGnfW1mRvGRxq-zIAvwJfpKEbhLLiqVaM/

Targets
- Target: PURCHASE ORDER.exe
- Size: 300.8MB
- MD5: 2c27c7e917db379466e9bdbaaac2932e
- SHA1: b8ec76084b5918d5a5b8e004118b798d56f971e8
- SHA256: 76fe7a1601b2aca75cf499c222a2950181d2896caff1e925aaf9a76e47c39a24
- SHA512: 803e0de91208e60353569cab3a2deaa08e859f6c9952daeaab3d50c9ab1cf24bc8fc9112f25a34a447156d23d2294c0da5221d4abdfb9a885dda21c8a2a12ed7
- SSDEEP: 24576:JXjkj+rHRS/B1loJPbyxYq2CIebJ3v6EIBMTn+:JXjkkHo/B1l2yxYq9xvjzz+
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext