General
- Target: d598e75a9f56eb7e27c7fe2dac26946e6060428eb16138caba9b715000da074d
- Size: 312KB
- Sample: 220520-3qwgnsccbq
- MD5: e2414f3710396c1b16c605f28fb7392f
- SHA1: 948c4178d4feffe896648c5b25ba77950f83f46c
- SHA256: d598e75a9f56eb7e27c7fe2dac26946e6060428eb16138caba9b715000da074d
- SHA512: 41d4e567d8b3fa3bf32f27d2b8e5953a6df2a339a9d3fe9b2fe6269075e78c733562f168ca193297a4a72daf54ea2afe598f218e2325d63ad0073d910ab92503
Static task
- static1

Behavioral task
- behavioral1
- Sample: Lombard order.exe
- Resource: win7-20220414-en

Behavioral task
- behavioral2
- Sample: Lombard order.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.epaindemgroup.com
- Port: 587
- Username: [email protected]
- Password: }bf9e+EW5s$k
Targets
- Target: Lombard order.exe
- Size: 442KB
- MD5: 3654c785bc5bc37d4ab31a354a6aab57
- SHA1: be77585906c3415196e2a0e1c959c5094de29590
- SHA256: bcdf903e15833b193349df7405af34e9b48a943c703d3ce222d82911e6e7d6f8
- SHA512: 4bf99ba4ac6928c47fad7954148e8390121facaa366da2a565f0ed4bea3ccb939fe8d8279a91765f854064339e26c55475a00a63b22ec5a8560654220a552d08
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext