General
-
Target
Released Order.exe
-
Size
1.2MB
-
Sample
210721-b1a7k3l98x
-
MD5
13d3d8d9c655b799acce27ab6091847b
-
SHA1
a6e4e5363591c59bd99986e71a668f6d9c4b8550
-
SHA256
b42810cd608efd9b6058c018518048874d453ed62663f8a1ac2a2c6f2227b0c8
-
SHA512
593e96b5965415bd35fc7f41587d21ed17aae5d9c6b610c7ae9730e9da6152ac6ece0ebec370abfdde3aa95bf2e46f57a76accb1cc8388c40e00c98340401c8a
Static task
static1
Behavioral task
behavioral1
Sample
Released Order.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
Released Order.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.saitools.com
Port: 587
Username: [email protected]
Password: ecotanksystems$0912
Targets
-
Target
Released Order.exe
-
Size
1.2MB
-
MD5
13d3d8d9c655b799acce27ab6091847b
-
SHA1
a6e4e5363591c59bd99986e71a668f6d9c4b8550
-
SHA256
b42810cd608efd9b6058c018518048874d453ed62663f8a1ac2a2c6f2227b0c8
-
SHA512
593e96b5965415bd35fc7f41587d21ed17aae5d9c6b610c7ae9730e9da6152ac6ece0ebec370abfdde3aa95bf2e46f57a76accb1cc8388c40e00c98340401c8a
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, blocking at first sight, etc.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-