General
-
Target
Orders.mn.zip
-
Size
13KB
-
Sample
210419-nhbfa5gt6a
-
MD5
fbbad25e8d851e2d3ab09ba868c5d190
-
SHA1
16ebde8f93a5c9372e3a519f880dbc27d821e19f
-
SHA256
99fb89b43071f1c2b60514298ac2f28c27de776ea1bc0a2956304d83481daa81
-
SHA512
48e198375904e9abdf0f2b19d774c4069b48c15bff827e92fa084200846d627e105ad4fc3897481be22aefcaba2e2356d599898da910a4f11ea0893c1a34fb35
Static task
static1
Behavioral task
behavioral1
Sample
Orders.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
Orders.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.jumatsedekah.com - Port:
587 - Username:
[email protected] - Password:
YV1i#[N*@-6-
Targets
-
-
Target
Orders.exe
-
Size
23KB
-
MD5
74f25f624f40c12bf270ec8c79c042af
-
SHA1
2a44961bc6099b553258adda6b0c5e7871f8069a
-
SHA256
07ec2c9cdd71be2769952cb169ec7db7625ba8790d95cf3d977b9544d8efbcf9
-
SHA512
272a813a369f38db8ec1580d86181b809ef67628f5c6e44d078f9f45d7dbc4f19e5b7b64e29497621e29ef2c06b0950f0bab364d8177ea8d71dfa74b632a8eab
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-