General
Target: Order Specification.exe
Size: 595KB
Sample: 201109-q1njnfvabj
MD5: 9e198cf548bc6fa6eac9017486b6ace0
SHA1: a20d91fd48feec508a4ff0dc058d5ff784b4b07a
SHA256: c9baa354736b018c901c69dc15ab167091b796763537522463fe6c89b3307d9b
SHA512: 786156834126d923b4ba04735d51285ab3d6e6b612878e575d5ab9a71d1a8b8016376a8332d2c08980a2a25e6a5bb9c6780813d2df249ab2eafb54c1cd169a67

Static task: static1
Behavioral task: behavioral1
Sample: Order Specification.exe
Resource: win7v20201028
Malware Config
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.

Reads user/profile data of local email clients
Email clients store some user data on disk, where infostealers will often target it.

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.