General
Target: P.Order.23456.tar
Size: 593KB
Sample: 211025-qw2vesgca2
MD5: ffe2dffacebab481a9e243e0e4edce78
SHA1: ae814b0a953b299d6adf1ca32a93bf78a0f043a9
SHA256: dfe22863b3d4eae7e1aa3b7bd4c9ac5a90eb3cc6652778ba944c93130964c486
SHA512: 32b845ffa620c3a5f8b0509008f790c2e317c136edc083195109ed38f6a1e48daeab38c3947e604dcba90bbd4a7c93efe97e52cc7958116b8c66c15616a6f83a
Static task: static1
Behavioral task: behavioral1
  Sample: P.Order.23456.exe
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: P.Order.23456.exe
  Resource: win10-en-20210920
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: TOVSLRr7101
Targets
Target: P.Order.23456.exe
Size: 937KB
MD5: 42da0b0c9c2418ee99251936b7e6502a
SHA1: 7a1a7fe78a082a607cc11c8ac20fb3882e84beb6
SHA256: d46a5d8087f90f6efc196968b77644b4d1ff26987a46764f31205d090e88db3a
SHA512: 9c5743ab8b0bb625166241d138158fffecd7cd438a5537251a594bf86dd5b9d84912fae2d1b7e23f9fe050a8d97da9e40978e8c76a3be891bdd2516dc8785981
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext