General

Target: purechaseorder2.exe
Size: 690KB
Sample: 240617-p4pdmawapk
MD5: a69c139c6390c639ddd83f5c8e006788
SHA1: 46521b93f8ddb4a94d0b8cfd9c41d44a4c72d4e3
SHA256: be6539fe8ddc73844ee2868d75eaffc895b235be6410e9533cef0e08eeb7ba8d
SHA512: 0f712d6ba46f9c7ace62fc21ccdba9235d8595d207af91e0e2857f5ee073b322c9367318b5b8c1191e174e09ee4e0cc997b5c15485c998068ef319ddcafd2599
SSDEEP: 12288:b2iNvFIsPAT1k5nUY2LCV5jgnSustlR3MjHAXAbO7wxwDFJS8uQu+y:b1DIKc1kb2LCCS3tnMQAI/py
Static task: static1
Behavioral task: behavioral1
Sample: purechaseorder2.exe
Resource: win10v2004-20240508-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: *SGCViVH2@@@@11$#4%%
Email To: [email protected]
Targets

Target: purechaseorder2.exe
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence check.
- Suspicious use of SetThreadContext