General
Target: new order 00041221.exe
Size: 400KB
Sample: 211019-pv9cfagfhj
MD5: 732de5ad320a92c57f1973c02147befe
SHA1: 8c1d8475d0800d148448e3380e9e6b7e0ccdc562
SHA256: ab117e0e873dc84ac3c9d5498f5eeae6672a9b999fc59c0cbd66c6591c96ebd4
SHA512: a9231a8327485c2776b9494ef4429412dc7cb10270f7669039814bbcbd3d24c7f6eac8a96bb0021be47840357d5a6d00e654f3fcf2414f75919075095170a5c6
Static task: static1
Behavioral task: behavioral1
Sample: new order 00041221.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: new order 00041221.exe
Resource: win10-en-20210920
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: e)cnIdR1
Targets
Target
new order 00041221.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext