General
-
Target
18062024_1249_New_Order_xlsx.bz2
-
Size
28KB
-
Sample
240618-p2hhasybqm
-
MD5
e9297d8f85b351ca0575b4b722256631
-
SHA1
5b879282fd4674e19e67012b6dbe42ca6c529762
-
SHA256
31516782702f7eb5dba59fcb42c79e638f4de7a616d68a357baf8dc97c870a61
-
SHA512
cf87bc042a5a63759375dc70dd4e979d453e490170c264a8ef1116527bab6ea1543179aaf0950ae3cfdfd554a928514835bae4eb353b6ee5621bfcc232545dc8
-
SSDEEP
768:SEttryVpvbiH8Hz09lBo6xkRnOASt1Ms8bdN:SEttu/rzYjkGUpN
Static task
static1
Behavioral task
behavioral1
Sample
Order_doc_3898934784389932787823637832893278.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
Order_doc_3898934784389932787823637832893278.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.hypos-care.com
Port: 587
Username: [email protected]
Password: $zg$gUa2
Email To: [email protected]
Targets
-
Target
Order_doc_3898934784389932787823637832893278.exe
-
Size
73KB
-
MD5
7f9f6856748008e47c736664df0f97d4
-
SHA1
6be6218294e24d5515e09c019656a8c0cf34100e
-
SHA256
040a600783e2b014cd6b8163e36611d2af9a7246d70d34b9b32ab23ab4691605
-
SHA512
fa8c2312eb905528f90e54e38e45997dcf0013ce891542bb7d1c38ed584b78aa0b1d335276271fddd2d750ae8abfbb80fcc03d90fa331c9f32cf8ecde8851cac
-
SSDEEP
1536:RJbGquvrQcdCIdTaqc3aBMohSqdXnbCu81nFS8mO:RVGPrQWCIEqBBRhSqdXbCu81JmO
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-