General
- Target: e5fdda87b00736d8e26dc8296d28b4dba78a611a016314dfa375f7196062b504
- Size: 410KB
- Sample: 220520-3bhx2abeeq
- MD5: c0a73a4bf48a0a0d1275e92eddcff851
- SHA1: bb13ecbec1ef6f5d9dbc74b39a8c60a0e3ecddff
- SHA256: e5fdda87b00736d8e26dc8296d28b4dba78a611a016314dfa375f7196062b504
- SHA512: 1275d6e477030d233e43b915be0429965e0a37a8430e92580850209a9069afb438145b1eac8dbe697eeeed6981778b2b0c7c169905716448089e62f0048038ae
Static task
- static1
Behavioral task
- behavioral1
- Sample: PI for requested order.exe
- Resource: win7-20220414-en
Behavioral task
- behavioral2
- Sample: PI for requested order.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: mail.kohinoorribbon.com
- Port: 587
- Username: [email protected]
- Password: ashu@1976
Targets
- Target: PI for requested order.exe
- Size: 478KB
- MD5: 2680584211be8d5fb93057892e31ce33
- SHA1: 0fa0c583d7fed58664f6bc6d419e7d0a107fb5fd
- SHA256: 0bec6071e5185a2b3ffc0656e33da316380c56c12e807da02c28f4acad4a2fce
- SHA512: 4f3bb4c0c7e77093649a908a38f56119f3e24c50298e2053b0eeae3606ffdf6580e1cc455267ca5e8759d0e48218342bb13da339085b82c8deded4ae018603b9
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext