General
- Target: order.exe
- Size: 433KB
- Sample: 211018-p1slwaeefm
- MD5: dd664ec6d8c7ee931799bf5fea8de3a1
- SHA1: 7f00b0e16829429f2b71e7860f42a00286214aac
- SHA256: 1e6ec6f7a104787ec1f1c4da75a520ac98635afbda35e9be7735a3712efb2a6f
- SHA512: ffcffa5da89cc83a8982d6d34b6d6b35f09798ad399659339d3e06bed2d4bb2aa5f7a90f427f8c6f76724cc74bbea8a3bad399b5eda7ba9a68d227dc48efc377
Static task: static1

Behavioral task: behavioral1
- Sample: order.exe
- Resource: win7-en-20211014

Behavioral task: behavioral2
- Sample: order.exe
- Resource: win10-en-20210920
Malware Config

Extracted: agenttesla
- Protocol: smtp
- Host: mail.privateemail.com
- Port: 587
- Username: [email protected]
- Password: LHfoeKM@700123
Targets
- Target: order.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext