General
-
Target
a306c1bf6ee9feec63bd333440b0b042bed171e614b969c67b1cf915f2586195
-
Size
518KB
-
Sample
220521-aa131acgcr
-
MD5
bf2cf08bdf7e7f2862434a64065feeb9
-
SHA1
763919886e1aef9b117f8f2344473249b8d36f13
-
SHA256
a306c1bf6ee9feec63bd333440b0b042bed171e614b969c67b1cf915f2586195
-
SHA512
f30cc9807d096cca2e7e84c4cd5d034628e27152de4f33f315c3024b14bd9269cf4e101ac95a916a4c12e10ca6d4b9a95e45f550866031b99e053cdc1db3a701
Static task
static1
Behavioral task
behavioral1
Sample
Order List.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Order List.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.listenerpro.net
Port: 587
Username: [email protected]
Password: )LVOPJy2
Targets
-
Target
Order List.exe
-
Size
680KB
-
MD5
3ff28b1e5ec63b5413695e81f298a628
-
SHA1
c6876cc2dbcc6ebb0d745e8103cbcd73714b3206
-
SHA256
3631b6f02663cc48d6ca8a8396a168c0d0204326c8d3ff66b25e013c7e8d5f93
-
SHA512
5e0b9e6d283718403b5fb8f845de8466e24fad318eeeaaa19a189b2926e7e03a910a2406247dd2bff9dc9d299d5e9fa1860a4fedeb6f25e05f3ecaa22449b2bd
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext