General
Target: Purchase order.exe
Size: 744KB
Sample: 220725-k435kabgdp
MD5: 24b0be710ed42b1ec10224db8db55bf6
SHA1: 597bce6e93351125632e9b92fb2ca35fca8bc75d
SHA256: 89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316
SHA512: 810fb68f0199f3bf35b7e8894b9a978ad4533de9a9b8c6d0e39e260688ae77c6f922a71557f0812fdb815951500d6712eb16d6cae847701c5e0aec9e91af3bd4
Static task: static1
Behavioral task: behavioral1 (sample: Purchase order.exe, resource: win7-20220718-en)
Behavioral task: behavioral2 (sample: Purchase order.exe, resource: win10v2004-20220721-en)
Malware Config
Extracted family: agenttesla
Exfiltration URL: https://api.telegram.org/bot5573921253:AAHXKq7lrmioCzUGP-9p7lopfbVX0A_ZdQA/sendDocument
This is the Telegram Bot API. The path segment after "bot" and before the next "/" is the operator's bot token (numeric bot ID, a colon, then the secret), and "sendDocument" is the API method used to upload the stolen data to the operator's chat as a file attachment. The full URL, or at least the bot ID, is a high-fidelity network indicator for this sample; the host on its own is not, because api.telegram.org also carries legitimate traffic.
Targets
Target: Purchase order.exe (744KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT), originally written in Visual Basic .NET. It harvests saved credentials from browsers, mail and FTP clients, logs keystrokes and clipboard contents, and exfiltrates the results over SMTP, FTP, HTTP or, as in this sample, the Telegram Bot API.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence: the stealer can refuse to run on hosts in the operator's own region or outside the intended target set.
Accesses Microsoft Outlook profiles
Outlook profile settings in the registry hold the account configuration that the stealer reads to recover saved mail credentials.
Suspicious use of SetThreadContext
Rewriting the context of a thread in another process is the step that redirects execution in process hollowing, where a suspended legitimate process is emptied and refilled with the payload before it is resumed. The sandbox flags the API call, not the complete technique, so this alone does not confirm hollowing.
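A triage check built from the extracted configuration above, as an added example that is not part of the sandbox report: it parses the Telegram Bot API URL into bot ID, secret and method, derives indicators a defender can block or hunt on, and then runs the same parser over a few constructed proxy log lines so the check can be pointed at real logs. The Squid-style log format, the client addresses and the second bot token in the sample log are assumptions for illustration; only the first URL comes from the report.

```python
"""Triage helper for the Telegram-based exfiltration URL in the Agent Tesla config.

Added example, not part of the sandbox report. The proxy log lines are constructed
for illustration (Squid-like: timestamp, client, HTTP method, URL, status).
"""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Exfiltration URL reported under "Malware Config".
C2_URL = "https://api.telegram.org/bot5573921253:AAHXKq7lrmioCzUGP-9p7lopfbVX0A_ZdQA/sendDocument"

# Telegram Bot API path layout: /bot<bot_id>:<secret>/<method>
_BOT_PATH = re.compile(r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)$")


@dataclass(frozen=True)
class TelegramExfil:
    host: str
    bot_id: str
    secret: str
    method: str

    @property
    def token(self) -> str:
        return f"{self.bot_id}:{self.secret}"


def parse_telegram_exfil(url: str) -> Optional[TelegramExfil]:
    """Return the parsed bot endpoint for a Telegram Bot API URL, or None for anything else."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or parts.hostname != "api.telegram.org":
        return None
    m = _BOT_PATH.match(parts.path)
    if not m:
        return None
    return TelegramExfil(parts.hostname, m["bot_id"], m["secret"], m["method"])


def indicators(exfil: TelegramExfil) -> dict:
    """Derive network indicators: the bot ID survives even if the operator rotates the secret."""
    return {
        "bot_id": exfil.bot_id,
        "token": exfil.token,
        "method": exfil.method,
        "url_prefix": f"https://{exfil.host}/bot{exfil.token}/",
        "hunt_regex": rf"api\.telegram\.org/bot{exfil.bot_id}:",
    }


# Constructed proxy log (hypothetical clients; the second bot token is made up).
SAMPLE_PROXY_LOG = """\
1658763001.123 10.0.0.15 GET https://www.microsoft.com/en-us/ 200
1658763002.456 10.0.0.15 POST https://api.telegram.org/bot5573921253:AAHXKq7lrmioCzUGP-9p7lopfbVX0A_ZdQA/sendDocument 200
1658763003.789 10.0.0.22 POST https://api.telegram.org/bot1234567890:AAEexampleOtherBotToken/sendMessage 200
1658763004.012 10.0.0.31 GET https://telegram.org/ 200
"""


def scan_proxy_log(log_text: str, known: Optional[TelegramExfil] = None) -> list:
    """Flag every Telegram Bot API request; requests to the known bot are 'confirmed',
    any other bot endpoint is 'suspicious' (clients normally have no business calling it)."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        hit = parse_telegram_exfil(fields[3])
        if hit is None:
            continue
        verdict = "confirmed" if known is not None and hit.bot_id == known.bot_id else "suspicious"
        hits.append({"client": fields[1], "method": hit.method, "bot_id": hit.bot_id, "verdict": verdict})
    return hits


if __name__ == "__main__":
    exfil = parse_telegram_exfil(C2_URL)
    print(indicators(exfil))
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG, exfil):
        print(hit)
```

Matching on the bot ID rather than the whole URL catches the same operator across method changes (sendDocument versus sendMessage) and across other samples that reuse the bot; plain hits on telegram.org without the /bot path are left alone, since that is ordinary messenger traffic.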