General
-
Target
Released Order.r15
-
Size
485KB
-
Sample
210722-p1w66x5w8e
-
MD5
6c8eba98915a064fcad85ae98528877e
-
SHA1
73b029cc5e191856c1ac019041bca71bf9481bd6
-
SHA256
6dab315ebf0f7fee41c9a2377512f4d2a98b0e1c27cc6980324c0820fcf163df
-
SHA512
887e6c0fac3ce65ea3297e2ef01c60faf660cdd5bbf85ab6561c5a4aeb7a75b1d063a1f246bce61340387e8a848a92f0cc9802278c667bbca5b489b54a63031a
Static task
static1
Behavioral task
behavioral1
Sample
Released Order.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
Released Order.exe
Resource
win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.saitools.com
Port: 587
Username: [email protected]
Password: ecotanksystems$0912
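The extracted config above is the sample's exfiltration channel: Agent Tesla sends harvested data as e-mail through the listed SMTP server with the listed credentials. The following script is an added example for this report, not sandbox or Agent Tesla code. It parses the config in the broken "Key: value - Key: value" form the report shows it in, turns the host into a detection, runs that over constructed Sysmon Event ID 3 (network connect) lines, and emits a Suricata DNS rule. The host and port are the report's; the username is a placeholder because the page shows it redacted, the password is omitted, the process path in the log lines is made up, and the Suricata sid is an assumed local value.

```python
"""Parse the Agent Tesla exfil config the sandbox extracted and turn it into detections.

Added example for this report; not sandbox or Agent Tesla code.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed: the report's config in the line-broken form it was extracted in. Host and port are
# the report's; the username is a placeholder (the page shows it redacted), the password is omitted.
EXTRACTED_CONFIG = """Protocol: smtp- Host:
mail.saitools.com - Port:
587 - Username:
user@example.invalid - Password:
REDACTED"""

# Constructed Sysmon lines (EventID 3 = network connect); the process path is made up for the example.
SYSMON_LINES = [
    'EventID=3 Image="C:\\Users\\victim\\Downloads\\Released Order.exe" DestinationHostname=mail.saitools.com DestinationPort=587',
    'EventID=3 Image="C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe" DestinationHostname=smtp.example.org DestinationPort=587',
    'EventID=3 Image="C:\\Users\\victim\\Downloads\\Released Order.exe" DestinationHostname=MAIL.SAITOOLS.COM DestinationPort=25',
    'EventID=1 Image="C:\\Users\\victim\\Downloads\\Released Order.exe" CommandLine="Released Order.exe"',
]


@dataclass(frozen=True)
class ExfilConfig:
    protocol: str
    host: str
    port: int
    username: str


def parse_config(text: str) -> ExfilConfig:
    """Flatten the 'Key: value - Key: value' block and split it on the ' - ' separators.

    The split only fires on a hyphen followed by a capitalised 'Key:' so hyphens inside
    values (hostnames, usernames) are left alone.
    """
    flat = " ".join(text.split())
    fields = {}
    for chunk in re.split(r"\s*-\s+(?=[A-Z][a-z]+:)", flat):
        key, _, value = chunk.partition(":")
        fields[key.strip().lower()] = value.strip()
    return ExfilConfig(
        protocol=fields["protocol"].lower(),
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"],
    )


_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_sysmon(line: str) -> dict:
    """Turn a Key=value line (quoted values allowed) into a dict."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def match_exfil(cfg: ExfilConfig, lines: list[str]) -> list[dict]:
    """Flag network-connect events to the exfil host.

    The host is the strong indicator; the port is reported as a second signal rather than
    required, because the operator can change it without changing the mail server.
    """
    hits = []
    for line in lines:
        ev = parse_sysmon(line)
        if ev.get("EventID") != "3":
            continue
        if ev.get("DestinationHostname", "").lower().rstrip(".") != cfg.host:
            continue
        port = int(ev["DestinationPort"])
        hits.append({"image": ev.get("Image", ""), "port": port,
                     "port_matches_config": port == cfg.port})
    return hits


def suricata_dns_rule(cfg: ExfilConfig, sid: int) -> str:
    """Suricata rule alerting on DNS lookups of the exfil host (sid is an assumed local value)."""
    return (f'alert dns any any -> any any (msg:"Agent Tesla {cfg.protocol} exfil host lookup '
            f'{cfg.host}"; dns.query; content:"{cfg.host}"; nocase; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    cfg = parse_config(EXTRACTED_CONFIG)
    print(cfg)
    for hit in match_exfil(cfg, SYSMON_LINES):
        print(hit)
    print(suricata_dns_rule(cfg, 9000001))
```

On the constructed lines the detector flags both connections from the sample to the mail host, one on the configured port 587 and one on port 25 with the port mismatch noted, and ignores the legitimate mail client talking to its own server.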
Targets
-
Target
Released Order.exe
-
Size
894KB
-
MD5
99d846bbf242277134ba3b6cb92ab2eb
-
SHA1
96dcb922a1213c55bce5edeada748112b760d9db
-
SHA256
1988aecd504c91c63584f0ee4aa3d1a9d6f0f879763e7fc695230ec2703cb07b
-
SHA512
2adddeb4c73b6591c1659a5d0e22b7cf57468ff85e58f1332609b7b9fd62a9da1be4218e76168804a99a1386959cc23222b3a2a7a1575a2e4210a8c534d5df13
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. It harvests credentials from browsers, mail and FTP clients and exfiltrates them over SMTP, FTP or HTTP, which is why the extracted config for this sample is a set of mail-server credentials.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Adds Run key to start application (registry Run-key persistence)
-
Suspicious use of SetThreadContext (consistent with process hollowing, where a suspended child process is given a new entry point)
-