General
Target: PURCHASE ORDER.exe
Size: 450KB
Sample: 200731-fxa6sna9m2
MD5: 4c30879733bee6a617162ac01c72e99f
SHA1: 72198172e29d4c0eb81888397dcae546578ed3d2
SHA256: 5f40c09b663d4e544cd611c361ca19732f325cbb4310e0f671aa3dffb975eba4
SHA512: c7c203d6b3f46d40da1a09011c30e8b10b2351b1d43905c5466093a132f347045e97c9f98e3e54bd4821f21f7d6577ba5270e0aac19bfca957e252a5dfb7b500
Static task: static1
Behavioral task: behavioral1
Sample: PURCHASE ORDER.exe
Resource: win7v200722
Behavioral task: behavioral2
Sample: PURCHASE ORDER.exe
Resource: win10
Malware Config
Extracted
Protocol: smtp
Host: mail.nilgirisfoods.com
Port: 587
Username: info@nilgirisfoods.com
Password: Nil@GiriS1092
Targets
Target: PURCHASE ORDER.exe
Size: 450KB
MD5: 4c30879733bee6a617162ac01c72e99f
SHA1: 72198172e29d4c0eb81888397dcae546578ed3d2
SHA256: 5f40c09b663d4e544cd611c361ca19732f325cbb4310e0f671aa3dffb975eba4
SHA512: c7c203d6b3f46d40da1a09011c30e8b10b2351b1d43905c5466093a132f347045e97c9f98e3e54bd4821f21f7d6577ba5270e0aac19bfca957e252a5dfb7b500
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Reads user/profile data of local email clients
Email clients store some user data on disk, where infostealers will often target it.
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
Suspicious use of SetThreadContext