General
- Target: 0e8a984b01a89baf49f1ec946a0893a8cce6509386183ffca6429ab4c8b80932
- Size: 594KB
- Sample: 220520-3dyfhagga6
- MD5: a88406228ffe634d8706a732273dd1c2
- SHA1: 0d14d86fc80c5f5025f7f31168122876010d2f27
- SHA256: 0e8a984b01a89baf49f1ec946a0893a8cce6509386183ffca6429ab4c8b80932
- SHA512: db0e74c84e2f3f459d86134f76f288641bfe760a4d0ad4b038ff7e72d0547ba061b89adcf391339bbeadce4beb1932c558a7b445b8012d8dead3ab98a04ecc55
Static task: static1
Behavioral task: behavioral1
- Sample: Qatar Order.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Qatar Order.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: mail.privateemail.com
- Port: 587
- Username: [email protected]
- Password: Remember@123#
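The extracted configuration above tells an analyst where the stolen data goes: an SMTP submission session to mail.privateemail.com on port 587. The following is an added hunting example, not part of the sandbox report or of the sample itself. It uses the host and port from the config as exact indicators and adds a broader heuristic (any process outside a mail-client allowlist opening an SMTP connection) so a rotated mailbox or host is still caught. The Sysmon records, the mail-client allowlist and the RegAsm.exe injection host are all assumptions constructed for illustration; the report does not name the process the payload is injected into.

```python
"""Turn the extracted AgentTesla SMTP settings into Sysmon hunting logic.

Added example; it is not part of the sandbox report or of the sample. The
host and port come from the extracted config; the allowlist, the telemetry
and the injection host below are assumed for illustration.
"""
import json
from dataclasses import dataclass
from typing import List, Optional

# IOCs from the extracted config. The username is redacted in the report, so
# only host and port are usable as indicators.
EXFIL_HOST = "mail.privateemail.com"
EXFIL_PORT = 587
SMTP_PORTS = {25, 465, 587}

# Processes expected to speak SMTP from a workstation (assumed; tune per estate).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


@dataclass
class Finding:
    severity: str
    reason: str
    image: str
    dest: str


def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def check_event(ev: dict) -> Optional[Finding]:
    """Evaluate one parsed Sysmon event; return a Finding or None."""
    eid = ev.get("EventID")
    image = ev.get("Image", "")

    if eid == 22:  # DNS query: fires before the socket is opened
        qname = ev.get("QueryName", "").lower()
        if qname == EXFIL_HOST:
            return Finding("high", "dns lookup of known exfil host", image, qname)
        return None

    if eid == 3:  # network connection
        host = ev.get("DestinationHostname", "").lower()
        port = int(ev.get("DestinationPort", 0))
        dest = f"{host or ev.get('DestinationIp', '?')}:{port}"
        if host == EXFIL_HOST and port == EXFIL_PORT:
            return Finding("high", "connection to known exfil host and port", image, dest)
        if port in SMTP_PORTS and _basename(image) not in MAIL_CLIENTS:
            return Finding("medium", "non-mail process speaking SMTP", image, dest)
    return None


def hunt(lines: List[str]) -> List[Finding]:
    """Run check_event over JSON-lines telemetry, skipping malformed records."""
    findings = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # bad record: skip it rather than abort the whole hunt
        finding = check_event(ev)
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed telemetry. The RegAsm.exe path is a hypothetical injection host:
# the report flags SetThreadContext but does not name the hollowed process.
# 198.51.100.7 is a documentation address, not a real destination.
_RAW_EVENTS = [
    {"EventID": 22, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\Qatar Order.exe",
     "QueryName": "mail.privateemail.com"},
    {"EventID": 3, "Image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe",
     "DestinationHostname": "mail.privateemail.com", "DestinationPort": "587"},
    {"EventID": 3, "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": "587"},
    {"EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe",
     "DestinationIp": "198.51.100.7", "DestinationPort": "443"},
    {"EventID": 3, "Image": "C:\\Users\\victim\\Downloads\\invoice.exe",
     "DestinationHostname": "smtp.gmail.com", "DestinationPort": "465"},
]
SAMPLE_EVENTS = [json.dumps(e) for e in _RAW_EVENTS] + ["<truncated line"]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.reason}: {f.image} -> {f.dest}")
```

Two points are worth keeping in mind when running this against real telemetry. First, because the sample injects into another process (see the SetThreadContext signature below), the Image on the network event may be a legitimate signed binary rather than Qatar Order.exe, which is why the host match and the DNS event are checked independently of the process name. Second, the medium-severity heuristic will fire on any home-grown script that sends mail; treat it as a triage lead rather than an alert on its own.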
Targets
- Target: Qatar Order.exe
- Size: 952KB
- MD5: 35886dda90c82b5777f9173b5d0182ff
- SHA1: 9a6db6e787d57f5f29ac88bea46377f9b19f7d3d
- SHA256: f9d23884ea2c8b181615c7e0eaeee633d85d5c7c76ed347ce02fb89c5529ebe7
- SHA512: 053512ab2f50c2c5639a969abab077a56aaa7c9f77f6710a2ce503d5a21ea6c6a706cb1f698ec092c9afd511c8189fbb5e7eaf59de668d4fa6d55890c93f62ba
Note: this is the executable run in the behavioral tasks. Its size and hashes differ from the submitted object listed under General, so pivot on whichever SHA256 matches the artifact you actually hold.
Score: 10/10
- AgentTesla
  Agent Tesla is a .NET (Visual Basic) information stealer and remote access tool (RAT); in this sample its configured exfiltration channel is SMTP.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely used as a geofence to avoid executing in certain countries.
- Suspicious use of SetThreadContext
  Typically a process-hollowing step: the sample starts a process suspended, writes the payload into it and uses SetThreadContext to point the main thread at the payload before resuming it. Expect the payload's later activity to be attributed to that host process rather than to Qatar Order.exe.