General
-
Target
23052024_1317_23052024_Purchase Order.zip
-
Size
641KB
-
Sample
240523-qjrtpacf7t
-
MD5
5c9f92a2877cb91cc8ca65f9b2aa4cd1
-
SHA1
f51816047c4ee526d08c9162847797a72de97621
-
SHA256
e297557b10ea6d307041d09aaa5adc47c3dbfaab035f113761a46a4f2295a69d
-
SHA512
5a4df9b37293750e409ed485d571de978349006b11eee7963208d057aec36762125efb295e0379409a7d7dd3f645b8e819c7eec13bca5d1c92a5231363bf1902
-
SSDEEP
12288:10ZaK16pZqUfPw6Fyf+Vat5K0T1MDpX/LTjxQuy089LyuNm8C+RvPV:10jasepFyFt5K0T1MdXzPjygr2N
Static task
static1
Behavioral task
behavioral1
Sample
Purchase Order.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
Purchase Order.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
UTjMgxC7qqqqG5651@@ - Email To:
[email protected]
Targets
-
-
Target
Purchase Order.exe
-
Size
916KB
-
MD5
43e578ebe45c2e4c078091635f84f511
-
SHA1
2a69714402d85deae610f811ca06f2816199c5e3
-
SHA256
c6e9ed35281ff6e8fa492cb7c29b5c49c495cb1c56b841484c927d8486299b3d
-
SHA512
bd90c855fe17fea16e43704b7d360e1958e5a1a325ee9fbd240f6322123882b390864c510c3ce2ea80a1ad66589752a169e9bf066e68ca5888273e431dceafd7
-
SSDEEP
12288:P8ZLe6pZoUf766py9205K6TBjtkPVXkSCyzkUfGt82me:0ZLeaeE7pyt5K6TBjtk5kS1Ot
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-