General

Target: Order 4110043899.exe
Size: 900KB
Sample: 210727-lecqjbalxa
MD5: 825cbb275c093bf072f2aad913868ef8
SHA1: 4b2416183753e26090d043620894264fdf26f95d
SHA256: d67d60c7f4d8fb4d67571d372fc1e6ebd9cf1a12e7c4223b8bb4eb16d4c96e0c
SHA512: dd000ff1e7b68a90a058c7fe889bc2a79585d86972eff5a7d5dc6bff0197c662c2f1e2e85fd98ebc68d0ec5983e26d7083c5d6203669137d52d7583deb769e06
Static task: static1
Behavioral task: behavioral1 (sample: Order 4110043899.exe, resource: win7v20210410)
Behavioral task: behavioral2 (sample: Order 4110043899.exe, resource: win10v20210408)
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.ndn.edu.lb
Port: 587
Username: chefcomptable@ndn.edu.lb
Password: Lebanon-Achrafieh-39

These values are the exfiltration settings recovered from the sample's embedded configuration: the stealer logs in to this mailbox over SMTP submission (port 587) and mails stolen data to it. The host, port and username are usable as network indicators; the mailbox itself belongs to a third-party domain and is most likely a compromised or abused legitimate account rather than attacker-owned infrastructure.
Targets

Target: Order 4110043899.exe
Size: 900KB
MD5: 825cbb275c093bf072f2aad913868ef8
SHA1: 4b2416183753e26090d043620894264fdf26f95d
SHA256: d67d60c7f4d8fb4d67571d372fc1e6ebd9cf1a12e7c4223b8bb4eb16d4c96e0c
SHA512: dd000ff1e7b68a90a058c7fe889bc2a79585d86972eff5a7d5dc6bff0197c662c2f1e2e85fd98ebc68d0ec5983e26d7083c5d6203669137d52d7583deb769e06
AgentTesla

Agent Tesla is a .NET remote access tool (RAT) and information stealer, commonly written in Visual Basic .NET. It harvests credentials and keystrokes from the infected host and exfiltrates them over SMTP, FTP or HTTP; this sample uses the SMTP settings listed under Malware Config.

Signatures matched:

- AgentTesla Payload: the unpacked payload was identified as Agent Tesla.
- Drops file in Drivers directory: the sample writes a file under the Windows drivers directory.
- Adds Run key to start application: persistence via a value under the CurrentVersion\Run registry key, so the payload is relaunched at logon.
- Suspicious use of SetThreadContext: the sample rewrites the context of a thread in another process, a behaviour associated with process hollowing (RunPE-style) injection of the unpacked payload into a legitimate host process.
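The report's value for a defender is the indicator set it yields: the file hashes, the SMTP host, port and account from the extracted config, and the behavioural signatures (Run key persistence, SetThreadContext). The following is an added example, not part of the sandbox report, that turns those indicators into a small triage check: it hashes a candidate file and compares it against the reported hashes, and it classifies constructed sandbox-style event lines against the Run key, SMTP and SetThreadContext signatures. The event-line format and the sample events are constructed for illustration and are not output of the sandbox that produced this page.

```python
import hashlib
import re
from collections import Counter

# Indicators copied from the sandbox report above.
IOC_HASHES = {
    "md5": "825cbb275c093bf072f2aad913868ef8",
    "sha1": "4b2416183753e26090d043620894264fdf26f95d",
    "sha256": "d67d60c7f4d8fb4d67571d372fc1e6ebd9cf1a12e7c4223b8bb4eb16d4c96e0c",
}
C2_HOST = "mail.ndn.edu.lb"
C2_PORT = 587
C2_USER = "chefcomptable@ndn.edu.lb"

# Persistence: any value written under HKCU/HKLM ...\CurrentVersion\Run or RunOnce.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE
)


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of the given bytes."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def is_known_sample(data: bytes) -> bool:
    """True only when every reported hash matches; a single mismatch is a different file."""
    h = hash_bytes(data)
    return all(h[n] == IOC_HASHES[n] for n in IOC_HASHES)


def classify_event(line: str):
    """Map one event line (constructed format: '<KIND> <details>') to a report signature.

    Returns the signature name, or None when the line matches nothing."""
    kind, _, rest = line.partition(" ")
    if kind == "REG" and RUN_KEY_RE.search(rest):
        return "Adds Run key to start application"
    if kind == "NET":
        m = re.search(r"connect (\S+):(\d+)", rest)
        if m and m.group(1).lower() == C2_HOST and int(m.group(2)) == C2_PORT:
            return "AgentTesla SMTP exfiltration"
    if kind == "SMTP" and C2_USER in rest:
        # Authentication with the exfiltration mailbox seen on the wire.
        return "AgentTesla SMTP exfiltration"
    if kind == "API" and "SetThreadContext" in rest:
        return "Suspicious use of SetThreadContext"
    return None


def triage(lines) -> Counter:
    """Count how many event lines hit each signature."""
    return Counter(sig for sig in map(classify_event, lines) if sig)


# Constructed event lines in the hypothetical format above (not sandbox output).
SAMPLE_EVENTS = [
    r"REG SetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Order 4110043899 = C:\Users\victim\AppData\Roaming\Order 4110043899.exe",
    r"REG SetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden = 1",
    r"NET connect mail.ndn.edu.lb:587 proto=tcp",
    r"NET connect 93.184.216.34:443 proto=tcp",
    r"API SetThreadContext pid=1234 target=RegSvcs.exe",
    r"SMTP AUTH LOGIN chefcomptable@ndn.edu.lb",
]

if __name__ == "__main__":
    print(hash_bytes(b"not the sample"))
    print("known sample:", is_known_sample(b"not the sample"))
    for sig, n in triage(SAMPLE_EVENTS).items():
        print(f"{n} x {sig}")
```

Matching on all three hashes rather than MD5 alone avoids a false positive on an MD5 collision; for a real deployment the network checks would run over firewall or proxy logs, and the Run key check over Sysmon event ID 13 (registry value set) rather than over constructed lines.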