General
- Target: PURCHASE ORDER.r15.rar
- Size: 659KB
- Sample: 240403-pea5psch9w
- MD5: 47237459049e1a1fef406c60bf2e579c
- SHA1: a7e3a9e0ee2189789e8496b10f00871067969a8a
- SHA256: bcb63c80b4b0c627f4a89aa24845e3e9ff0442f23a30ce0d1be48eba2a5d3a36
- SHA512: d82e66d8e9082cb7c0bcd21db91fc163fb54c740af25c7414fb3e1384acd33a002ce006df4875fb5ac92ab41f883f19efcde3c9435a8181047b3e164c93554e4
- SSDEEP: 12288:mc6tcqbjiPZ5QqNJI7l0bsaGB6HoyVY1LPGGLuu5x/jWC:38iUqNaZIG6WPGMKC
Static task
- static1
Behavioral task
- behavioral1: sample PURCHASE ORDER.exe, resource win7-20240221-en
Behavioral task
- behavioral2: sample PURCHASE ORDER.exe, resource win10v2004-20240226-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.thelamalab.com
- Port: 587
- Username: [email protected]
- Password: Thel@malab@20!9
- Email To: [email protected]
Targets
- Target: PURCHASE ORDER.exe
- Size: 704KB
- MD5: e00fdc1a9fb6b825777ec17cbbae95ca
- SHA1: 6699ee51a7d91a105a6527ff7e985772c79752a6
- SHA256: a48b8a6ca726f32569a7e2041803898a902437ee7724da53accfb6dc52fa8a87
- SHA512: 7efc37e73190b762358466857e46d49737be973fecf477683a2b65efb0d792cb6c0a98f22d3051dec09264ac1f747aaead7914320e447a08e4671e4b094f5459
- SSDEEP: 12288:ordsbuCO8nxSdyLC5cGtVeFkXlE9btKHJWkB4SxnRBctrIIR410W:RK8nGy0H1XqjSWkB4St8RS10
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Suspicious use of SetThreadContext