General
-
Target
New Order List.exe
-
Size
369KB
-
Sample
211025-t3nsxshcdm
-
MD5
b1e2487e67ca99aa2ec8e90a85fba689
-
SHA1
7923fb310de2020fe2ceee7172cba946347b9c78
-
SHA256
606ccc9d7d6cef071c3b52a5992dcec6f4c1545c63f7e832b564131529692334
-
SHA512
716bb3a4ea9ea3558c7b8562bd8711519d7d9b46e4e31a16a142c115b4f07cd1298ba232715a83825e07e8fedb4cc0229c1add34dcb8e19ac52a70cff8e0afe0
Static task
static1
Behavioral task
behavioral1
Sample
New Order List.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
New Order List.exe
Resource
win10-en-20210920
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.crosz-trade-int.com - Port:
587 - Username:
[email protected] - Password:
)^eE(m@1
Targets
-
-
Target
New Order List.exe
-
Size
369KB
-
MD5
b1e2487e67ca99aa2ec8e90a85fba689
-
SHA1
7923fb310de2020fe2ceee7172cba946347b9c78
-
SHA256
606ccc9d7d6cef071c3b52a5992dcec6f4c1545c63f7e832b564131529692334
-
SHA512
716bb3a4ea9ea3558c7b8562bd8711519d7d9b46e4e31a16a142c115b4f07cd1298ba232715a83825e07e8fedb4cc0229c1add34dcb8e19ac52a70cff8e0afe0
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-