General

Target: Purchase Order_30323.zip
Size: 941KB
Sample: 230330-jrka9adb4x
MD5: f2a6ee2f2f9a13b6477fe4ac85988631
SHA1: 5f65f7f34f1515c5dc4fbda99633989f36af22e1
SHA256: f11c9ea5e66eff2891f885da8c803482b04f2cc4cd8cd61fe9890e9252a009ee
SHA512: a2fa7fbdedb6076fe682251ef844e202bf2ee2619c98dbe52e42ba003e344fa322ebce0f150b725bc40278f28f1890f69d4c973d275fae9faaeb2ed1d66ba557
SSDEEP: 24576:N9ICRMLQLgNQrAnJj3reZXkWKfHSH1JTwGHiCmQEtv2+:Y8Zgy0nxbeXKvSHPTtnEtx
Static task: static1
Behavioral task: behavioral1
Sample: Purchase Order_30323.bat
Resource: win7-20230220-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: [email protected]
Password: 7213575aceACE@#
Email To: [email protected]
Targets

Target: Purchase Order_30323.bat
Size: 1.2MB
MD5: 9bf4f0b46a23e99393442dc592d42c4e
SHA1: b052e1fbc186e2dbf1346645b30617166258be25
SHA256: 0cec6fe99f27c7425eb235e531d19737ea94d3d15208d7533bb677fd2dd89794
SHA512: 30b2d01b943e6ec4378764540b646045bc9a16e2928db8a546201f06d8ef212c9edb0948e33f6d75ad6bbd11ac00293d215fbaed7843288054dcc42d6cb14e38
SSDEEP: 24576:1EqwuOOvaG184TpPbDdiLpWKZDd6hKM0SsJ6IjV:Xwunv9AWKZ2sx5
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Suspicious use of SetThreadContext