General
Target: 2118a50496820800cfc70a5ea71bc7b31904380ad10fa3ffda1e0296b8ea5cc4
Size: 401KB
Sample: 220520-2z8b6agcf5
MD5: dde44b59842817b673c7bde28db8a5a9
SHA1: 5e6d723d8584832a5b49ba68924af384b3f16485
SHA256: 2118a50496820800cfc70a5ea71bc7b31904380ad10fa3ffda1e0296b8ea5cc4
SHA512: 8fc40c92722ff9914fd2e19e44e505341094a73c239000e4e09e659b04d948bcb76cb98029a8d466a5883ed0c5db8aa123978f557614effe01faceff98f66b0f
Static task: static1
Behavioral task: behavioral1
  Sample: new order.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: new order.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected] (address redacted in source)
Password: Iqb*)yC2
The configuration was extracted twice with identical values; only one copy is shown. Port 587 is the SMTP submission port, so the stealer's reports leave the host as authenticated, typically STARTTLS-wrapped mail to a shared mail-hosting provider rather than to attacker-owned infrastructure.
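As an added example (not part of the sandbox report), the following Python turns the extracted SMTP configuration above into network indicators and runs them over constructed firewall-style log lines. The log format, the process names in the logs (including RegAsm.exe as a stand-in for an injected host process) and the list of "known mail clients" are assumptions made for the illustration; the configuration values are the ones the report shows.

```python
"""Build network IOCs from the AgentTesla SMTP config in a Triage report and
match them against connection logs. Log lines below are constructed."""
import re
from dataclasses import dataclass

# Raw text exactly as it appears in the report's "Malware Config" block,
# including the line breaks the page puts in the middle of key/value pairs.
RAW_CONFIG = """Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
Iqb*)yC2"""


@dataclass(frozen=True)
class SmtpConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_triage_smtp_config(raw: str) -> SmtpConfig:
    """Parse the flattened 'Key: value - Key: value' run into an SmtpConfig.

    Lines are joined first because the page breaks them mid-pair. Fields are
    separated by ' - ' followed by a capitalised key; the first separator on
    the page is 'smtp- Host' (no space before the dash), which the regex
    tolerates. Values are never split on ':' past the first one, so passwords
    containing ':' survive.
    """
    flat = " ".join(line.strip() for line in raw.splitlines())
    fields = {}
    for part in re.split(r"\s*-\s+(?=[A-Z][a-z]+:)", flat):
        key, _, value = part.partition(":")
        fields[key.strip().lower()] = value.strip()
    return SmtpConfig(
        protocol=fields["protocol"],
        host=fields["host"],
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


# Constructed connection log: timestamp,process,src_ip,dst_host,dst_port
SAMPLE_LOGS = [
    "2022-05-20T10:01:02Z,OUTLOOK.EXE,10.0.0.5,outlook.office365.com,443",
    "2022-05-20T10:01:09Z,new order.exe,10.0.0.5,us2.smtp.mailhostbox.com,587",
    "2022-05-20T10:01:15Z,chrome.exe,10.0.0.5,www.example.com,443",
    "2022-05-20T10:02:30Z,RegAsm.exe,10.0.0.7,us2.smtp.mailhostbox.com,587",
    "2022-05-20T10:03:00Z,thunderbird.exe,10.0.0.9,us2.smtp.mailhostbox.com,587",
]

# Assumed list of processes that legitimately speak SMTP submission.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def find_exfil(cfg: SmtpConfig, log_lines):
    """Return (process, src_ip, reason) for connections to the C2 mail server.

    Any connection to the extracted host:port is an IOC hit. Because the host
    is a shared mail provider, the stronger signal is the source process: the
    stealer sends its reports itself, so SMTP submission from anything that is
    not a mail client is flagged as likely exfiltration.
    """
    hits = []
    for line in log_lines:
        _ts, proc, src, dst, port = line.split(",")
        if dst.lower() == cfg.host.lower() and int(port) == cfg.port:
            reason = "ioc-match" if proc.lower() in MAIL_CLIENTS else "likely-exfil"
            hits.append((proc, src, reason))
    return hits


if __name__ == "__main__":
    cfg = parse_triage_smtp_config(RAW_CONFIG)
    for hit in find_exfil(cfg, SAMPLE_LOGS):
        print(hit)
```

The parser is written against the report's own text so the same function can be pointed at other flattened Triage config blocks; the detection tier split (host match versus non-mail-client source) is the caveat that matters operationally, since blocking us2.smtp.mailhostbox.com outright would also hit legitimate customers of that provider.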
Targets
Target: new order.exe
Size: 454KB
MD5: 40af518941f73ee0867e18c6f44fd742
SHA1: 36e7edd6ab29ec11b60f95b2fa9289430fa4addb
SHA256: ec35d01b2a195c348b20565d96de7d5dc6385dd23e7452b55ee4200cca7490fa
SHA512: 26ec2e83620962c2f714c0db01659df4f9baf94fb506177e6402197af4c94efbb2d584e08157ad1ce0e9ebd56b16130f0c6fc40e2b925dfa1340cb49690194ac
These hashes differ from those of the submitted sample in the General section; new order.exe is the file the two behavioral tasks actually executed, so it is the one to pivot on when hunting for this payload.
Signatures
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer; the original builds are written in Visual Basic .NET, later ones in C#. It harvests credentials from browsers, mail and FTP clients and exfiltrates them over SMTP, FTP or HTTP, which matches the SMTP configuration extracted above.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing: the sample can decide whether to run, or what to steal, based on the victim's configured locale.
Accesses Microsoft Outlook profiles
Consistent with the family's harvesting of credentials stored by installed mail clients.
Adds Run key to start application
Writes a value under a Run registry key so the payload is relaunched at user logon (persistence).
Suspicious use of SetThreadContext
Setting another thread's context is the step in process hollowing and similar injection where execution is redirected into attacker-supplied code; it is commonly seen when a loader injects the AgentTesla payload into a second process rather than running it directly. Together, the last three signatures give the behavioural indicators to alert on: a registry Run value written by an unsigned binary, followed by a child process created suspended and resumed after its thread context is rewritten.
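As an added example (not part of the sandbox report), the following Python runs detection logic for the three behavioural signatures above over a constructed per-process API trace: a registry read of the configured country, a write under a Run key, and the CreateProcess(suspended) → WriteProcessMemory → SetThreadContext → ResumeThread sequence of process hollowing. The trace format is invented for the example; the use of HKCU\Control Panel\International\Geo\Nation as the geofence lookup and RegAsm.exe as the hollowed host are assumptions, not facts the report states.

```python
"""Flag geofence lookup, Run-key persistence and SetThreadContext-based
process hollowing in an API-monitor trace. The trace is constructed."""
from collections import defaultdict

# Constructed trace, one call per line: pid|api|key=value|key=value...
# pid 1000 behaves like the sample; pid 3000 is benign control noise.
TRACE = r"""
1000|RegOpenKeyExW|key=HKCU\Control Panel\International\Geo
1000|RegQueryValueExW|name=Nation
1000|RegOpenKeyExW|key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run
1000|RegSetValueExW|name=Updater|data=C:\Users\victim\AppData\Roaming\Updater.exe
1000|CreateProcessW|image=C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe|flags=CREATE_SUSPENDED|child=2000
1000|NtUnmapViewOfSection|target=2000
1000|VirtualAllocEx|target=2000|protect=PAGE_EXECUTE_READWRITE
1000|WriteProcessMemory|target=2000
1000|SetThreadContext|target=2000
1000|ResumeThread|target=2000
3000|CreateProcessW|image=C:\Windows\System32\notepad.exe|flags=0|child=3001
3000|RegQueryValueExW|name=ProductName
"""


def parse_trace(text):
    """Group trace lines by pid into (api, {arg: value}) tuples."""
    events = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, *rest = line.split("|")
        args = dict(kv.split("=", 1) for kv in rest)
        events[int(pid)].append((api, args))
    return events


def detect(events):
    """Return sorted (pid, finding) pairs.

    Hollowing is tracked as a small state machine per child pid so the order
    of calls matters: a child created suspended, then written to, then given a
    new thread context, then resumed. NtUnmapViewOfSection is deliberately not
    required, because some loaders skip it and simply allocate new memory.
    """
    findings = set()
    for pid, calls in events.items():
        open_key = ""          # last registry key this pid opened
        suspended = set()      # children created with CREATE_SUSPENDED
        written = set()        # suspended children we wrote into
        redirected = set()     # written children whose thread context was set
        for api, a in calls:
            if api == "RegOpenKeyExW":
                open_key = a.get("key", "")
            elif (api == "RegQueryValueExW" and a.get("name") == "Nation"
                  and open_key.lower().endswith(r"\international\geo")):
                findings.add((pid, "geofence-lookup"))
            elif (api == "RegSetValueExW"
                  and open_key.lower().endswith(r"\currentversion\run")):
                findings.add((pid, f"run-key-persistence:{a.get('name')}"))
            elif api == "CreateProcessW" and "CREATE_SUSPENDED" in a.get("flags", ""):
                suspended.add(a["child"])
            elif api == "WriteProcessMemory" and a.get("target") in suspended:
                written.add(a["target"])
            elif api == "SetThreadContext" and a.get("target") in written:
                redirected.add(a["target"])
            elif api == "ResumeThread" and a.get("target") in redirected:
                findings.add((pid, f"process-hollowing:{a['target']}"))
    return sorted(findings)


if __name__ == "__main__":
    for pid, finding in detect(parse_trace(TRACE)):
        print(pid, finding)
```

Requiring the full ordered sequence, rather than alerting on SetThreadContext alone, is what keeps this usable: debuggers and some legitimate runtimes call SetThreadContext, but almost nothing benign creates a suspended child, writes into it and then rewrites its entry point before resuming it.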