General
Target: PURCHASE ORDER.exe
Size: 704KB
Sample: 240403-l17t1scc97
MD5: e00fdc1a9fb6b825777ec17cbbae95ca
SHA1: 6699ee51a7d91a105a6527ff7e985772c79752a6
SHA256: a48b8a6ca726f32569a7e2041803898a902437ee7724da53accfb6dc52fa8a87
SHA512: 7efc37e73190b762358466857e46d49737be973fecf477683a2b65efb0d792cb6c0a98f22d3051dec09264ac1f747aaead7914320e447a08e4671e4b094f5459
SSDEEP: 12288:ordsbuCO8nxSdyLC5cGtVeFkXlE9btKHJWkB4SxnRBctrIIR410W:RK8nGy0H1XqjSWkB4St8RS10
Static task: static1
Behavioral task: behavioral1
  Sample: PURCHASE ORDER.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: PURCHASE ORDER.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted family: agenttesla
Protocol: smtp
Host: mail.thelamalab.com
Port: 587
Username: [email protected]
Password: Thel@malab@20!9
Email To: [email protected]
Targets
Target: PURCHASE ORDER.exe
Score: 10/10
Signatures:
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Suspicious use of SetThreadContext