General
Target: 9e66b6dc6da67edba4a09839d2ab3fed6ccfee437beec9d899ecc1ec6d031258
Size: 400KB
Sample: 220521-ab3cfscggq
MD5: 7d68a58318d6aad0642f3c246ef80f62
SHA1: 9e6aa8ead52e99839c3894c11e4cb0eef4e42d55
SHA256: 9e66b6dc6da67edba4a09839d2ab3fed6ccfee437beec9d899ecc1ec6d031258
SHA512: 54b1f48dea8ce41ffa5bce227a3750e29493cc85bac247f3d4d1e202a5fe7fb3700b7584e92a75886aab09f23013776b24a5643a05620559cab27a85e4c42a30
Static task: static1
Behavioral task: behavioral1
  Sample: E-Order # EPHMMR36114604.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: E-Order # EPHMMR36114604.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.macboys.com
Port: 587
Username: [email protected]
Password: appleservice
Targets
Target: E-Order # EPHMMR36114604.exe
Size: 440KB
MD5: 0da7a054e4ae5e6c1c364dc82b31aa99
SHA1: 2cc09c42a23e1acd05945021b9d4a2a42b723309
SHA256: 79c686d932bddbaee7d5468e72d1f6230b1b9f67ae28d45296219a1bd3c99ec7
SHA512: b0a23e2aa22eae61a32ac57f4fef46413333a1e4debef2a9fdfacd75c9589e279cbe2333849c5e702cc5e195db658637cb74c91f8d93bc85eefa1a00635e8f7b
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext