General
- Target: Released Order.r15
- Size: 731KB
- Sample: 210721-wf2s3l2yw2
- MD5: b773f323b3c4305b74b0280d48986735
- SHA1: 3365b22ce0583252c64ec8d9b10b56ad8d1c3477
- SHA256: 61b763d5012aee40fea8a17077173a6fbb12ecf8339f9f3d4b5fb3e6f6bea91e
- SHA512: af1b03a83157fddeb3a8f40cbd1512fe590db8ed1175a4c87c2590b6af7b753d00fa5674f4840dcafd92a7f3f709c179a25277edf770dab40408028df372fc0f
Static task: static1
Behavioral task: behavioral1
- Sample: Released Order.exe
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: Released Order.exe
- Resource: win10v20210408
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.saitools.com
- Port: 587
- Username: [email protected]
- Password: ecotanksystems$0912
Targets
- Target: Released Order.exe
- Size: 1.2MB
- MD5: 13d3d8d9c655b799acce27ab6091847b
- SHA1: a6e4e5363591c59bd99986e71a668f6d9c4b8550
- SHA256: b42810cd608efd9b6058c018518048874d453ed62663f8a1ac2a2c6f2227b0c8
- SHA512: 593e96b5965415bd35fc7f41587d21ed17aae5d9c6b610c7ae9730e9da6152ac6ece0ebec370abfdde3aa95bf2e46f57a76accb1cc8388c40e00c98340401c8a
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext