General
- Target: Order.exe
- Size: 698KB
- Sample: 210505-del2s736ax
- MD5: 59aec19eabb5c948f48f949405bf4c66
- SHA1: 86b55319d7d08bfaedeaec425a809d03b2f40079
- SHA256: ebf9b72c2f7cf094032172e2f318cd41f385e4bb46cb123b3e3138561f8b20a3
- SHA512: 74ff7b142d6c27cd534e03364323184ad1097d398fe0f237a945d534db0b7b3dc53db9cf3b97e47d675c0c8430ba0bb66ed10866afdd80e9d51cfd1c34c71856
Static task
- static1
Behavioral task
- behavioral1
  Sample: Order.exe
  Resource: win7v20210410
Behavioral task
- behavioral2
  Sample: Order.exe
  Resource: win10v20210410
Malware Config
Extracted
- agenttesla
- Protocol: smtp
- Host: smtp.vivaldi.net
- Port: 587
- Username: smithcargo22@vivaldi.net
- Password: invoice12345
Targets
- Target: Order.exe
  Size: 698KB
  MD5: 59aec19eabb5c948f48f949405bf4c66
  SHA1: 86b55319d7d08bfaedeaec425a809d03b2f40079
  SHA256: ebf9b72c2f7cf094032172e2f318cd41f385e4bb46cb123b3e3138561f8b20a3
  SHA512: 74ff7b142d6c27cd534e03364323184ad1097d398fe0f237a945d534db0b7b3dc53db9cf3b97e47d675c0c8430ba0bb66ed10866afdd80e9d51cfd1c34c71856
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Guloader Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext