General
Target: Order 00041221.exe
Size: 503KB
Sample: 211203-trc72shacm
MD5: 7bfc35c1ab9e7be4e27af84de38e439f
SHA1: 5f27b8402d22516e6b7e89527fd1a18bc4c4a727
SHA256: ec518c3d2b91a2d64ee75f7962c4131c0dbd68ed3b5c94304277baabdab1b335
SHA512: 1e2b216efb16722bce9bc1939966a54e6951013f1f7943712be2d6c181e8f0544c86be5d10b9470d66bec4e87879d10bd9581f75900457ad9e97e080ad43bef0
Static task: static1
Behavioral task: behavioral1
Sample: Order 00041221.exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: Order 00041221.exe
Resource: win10-en-20211014
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: mail.topfrozenfoodbrand.com
Port: 587
Username: [email protected]
Password: Chukwudim28@
Targets
Target: Order 00041221.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext