General
Target: PURCHASE ORDER.exe
Size: 1.4MB
Sample: 200624-27s75nya9x
MD5: f315ec23b5a581845fea692174b46232
SHA1: bf9b4f795cdca74ec362017a5fe553e9997ee3f8
SHA256: bca37ddb3330991ff40fdc9462eebaf28b8cca2ee0a3c89b4102517c77d2dae8
SHA512: a5dbec7eb97491162cff8a7aa27f039023700e0298a87fde32e6e71421006ffd010e979e10b0cec8b089dc3add8e7080c8dea5a93424a47d2cbc29790859391e
Static task: static1
Behavioral task: behavioral1 (Sample: PURCHASE ORDER.exe; Resource: win7)
Behavioral task: behavioral2 (Sample: PURCHASE ORDER.exe; Resource: win10v200430)
Malware Config
Extracted family: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: dave.tecoman@yandex.com
Password: General101
These are the exfiltration mailbox settings recovered from the sample's embedded configuration: the stealer sends harvested data to this account over SMTP submission (port 587), so the host, port and username are usable as network and mail-log indicators for this sample.
Targets
Target: PURCHASE ORDER.exe
Size: 1.4MB
MD5: f315ec23b5a581845fea692174b46232
SHA1: bf9b4f795cdca74ec362017a5fe553e9997ee3f8
SHA256: bca37ddb3330991ff40fdc9462eebaf28b8cca2ee0a3c89b4102517c77d2dae8
SHA512: a5dbec7eb97491162cff8a7aa27f039023700e0298a87fde32e6e71421006ffd010e979e10b0cec8b089dc3add8e7080c8dea5a93424a47d2cbc29790859391e
Score: 10/10
Signatures:
- AgentTesla: Agent Tesla is a .NET-based remote access tool (RAT) and information stealer (commonly built in VB.NET); this sample's extracted configuration shows it exfiltrating over SMTP.
- AgentTesla Payload
- Drops startup file: writes a file into a Startup folder so the payload is relaunched at user logon (persistence).
- Suspicious use of SetThreadContext: redirecting a thread's context is characteristic of process hollowing and thread hijacking, where a suspended process is made to execute injected code.
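The report's indicators (the file hashes, the SMTP exfiltration host and port, the startup-folder drop) can be turned into a small triage check. The script below is an added example, not part of the sandbox report or of any analysis tooling: it verifies a file's digests against the report, and flags Sysmon-style network and file-create events that match the AgentTesla behaviour above. The log format, the `MAIL_CLIENTS` allow-list, the `update.exe` drop name and the 192.0.2.10 address are constructed for the example.

```python
import hashlib
import re

# Indicators taken from the sandbox report above.
REPORT_HASHES = {
    "md5": "f315ec23b5a581845fea692174b46232",
    "sha1": "bf9b4f795cdca74ec362017a5fe553e9997ee3f8",
    "sha256": "bca37ddb3330991ff40fdc9462eebaf28b8cca2ee0a3c89b4102517c77d2dae8",
}
EXFIL_HOST = "smtp.yandex.com"
EXFIL_PORT = 587

# Processes expected to speak SMTP submission; this allow-list is an assumption for the example.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Per-user and all-users Startup folders both contain this path fragment.
STARTUP_DIR = re.compile(r"\\start menu\\programs\\startup\\", re.IGNORECASE)


def hashes_of(data: bytes) -> dict:
    """Compute the same three digests the report lists for the sample."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only when every digest agrees with the report (no single-hash matching)."""
    return hashes_of(data) == REPORT_HASHES


def parse_event(line: str) -> dict:
    """Parse a constructed 'Key=value Key="quoted value"' Sysmon-style record."""
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', line)
    return {key: value.strip('"') for key, value in pairs}


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_event(ev: dict):
    """Return a finding string for one event, or None when it is benign."""
    proc = basename(ev.get("Image", ""))
    if ev.get("EventID") == "3":  # network connection
        host = ev.get("DestinationHostname", "").lower()
        port = int(ev.get("DestinationPort", "0"))
        # Known exfil host, or SMTP submission from something that is not a mail client.
        if host == EXFIL_HOST or (port == EXFIL_PORT and proc not in MAIL_CLIENTS):
            return f"smtp_exfil: {proc} -> {host or ev.get('DestinationIp', '?')}:{port}"
    elif ev.get("EventID") == "11":  # file create
        target = ev.get("TargetFilename", "")
        if STARTUP_DIR.search(target):
            return f"startup_drop: {proc} wrote {target}"
    return None


def scan(lines) -> list:
    """Run every check over a sequence of log lines and collect the findings."""
    findings = []
    for line in lines:
        if line.strip():
            finding = check_event(parse_event(line))
            if finding:
                findings.append(finding)
    return findings


# Constructed log: one benign process start, the startup drop, the exfil connection,
# a legitimate mail client on 587, and an unrelated HTTP connection.
SAMPLE_LOG = """
EventID=1 Image="C:\\Users\\victim\\Downloads\\PURCHASE ORDER.exe" ParentImage=C:\\Windows\\explorer.exe
EventID=11 Image="C:\\Users\\victim\\Downloads\\PURCHASE ORDER.exe" TargetFilename="C:\\Users\\victim\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\update.exe"
EventID=3 Image="C:\\Users\\victim\\Downloads\\PURCHASE ORDER.exe" DestinationHostname=smtp.yandex.com DestinationIp=192.0.2.10 DestinationPort=587
EventID=3 Image="C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE" DestinationHostname=smtp.office365.com DestinationPort=587
EventID=3 Image=C:\\Windows\\System32\\svchost.exe DestinationHostname=ctldl.windowsupdate.com DestinationPort=80
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        print(finding)
    print("report hashes match b'abc':", matches_report(b"abc"))
```

Against the constructed log the scan reports exactly two events: the Startup-folder write and the connection to smtp.yandex.com:587 from PURCHASE ORDER.exe; Outlook on the same port is allow-listed and the HTTP connection is ignored. The hash check requires all three digests to agree, so a collision on one algorithm cannot produce a false match.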