General
Target: 4d1a305677b40f091cf32c5da328764a0db60b8335da93367156170acb75f873
Size: 1.2MB
Sample: 220520-3czxyabfbk
MD5: 98dbe45190aa40a4d765415c9b8cd8aa
SHA1: b6878e2726a87d3b6b7dd582a2f68bbecce29dd6
SHA256: 4d1a305677b40f091cf32c5da328764a0db60b8335da93367156170acb75f873
SHA512: 004e32f526c15b0b93f3196ce42baccd393cba824fcb97862e313609fd53ee40a109556ede649f7103163ac1f84d3f1d55464a7da0b872a4fa4dc2b2d4eebb3c
Static task: static1
Behavioral task: behavioral1
  Sample: TRAIL_OR.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: TRAIL_OR.exe
  Resource: win10v2004-20220414-en
Malware Config (Extracted)
Protocol: smtp
Host: mail.arkinc.co.in
Port: 587
Username: [email protected]
Password: delta@1234
Targets
Target: TRAIL_OR.EXE
Size: 454KB
MD5: 40c8f1776c47303a528127337fd1c0fc
SHA1: a8a8647ecb05233494caceca326bb8a7196e3166
SHA256: a669a995b5d4c7db8aa1ab4c0455477d56b16877ed72d1652f7584f1799b1d0a
SHA512: 2d1149da45c7f87bf60ab2455f087a2561338c5c57795e67d920947b4aff5ac773e8aca3fadaf152de56721139ea279e27bec49532cc22700c1e9e7af449abd1
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
Accesses Microsoft Outlook profiles
Adds Run key to start application