General
- Target: 96859a1c445d4185d9528eb39ff088714b497a719f6a5b818e06d3bc1aa0c5d3
- Size: 395KB
- Sample: 220521-adxvraaah5
- MD5: 46d9cf8abdf8142741e7536c2d6a917f
- SHA1: 248ec0c043ea12c8a39b8b8854ebdcfa5e48f488
- SHA256: 96859a1c445d4185d9528eb39ff088714b497a719f6a5b818e06d3bc1aa0c5d3
- SHA512: 85fb9a6a51a8bf344d9f8804f8432bd12b68ef58646406ebe976c12d2c00e71c6ed02807494b6b2485fceef1642817c0e4dc21ecce37118d02884dbde5a9f0f6
Static task: static1
Behavioral task: behavioral1
- Sample: New Order Documents.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: New Order Documents.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.retramtrading.com
- Port: 587
- Username: [email protected]
- Password: @2018sales321
Targets
- Target: New Order Documents.exe
- Size: 582KB
- MD5: a7fc3ba4f95b0c44441dc9bbef395421
- SHA1: ab57e90265c7263be4ed81d39ee85f57c3dcbd89
- SHA256: a7e0905c5d68fe5f16d13b0df46686024170844c5d68af7b7fb6dcb4fb355e2f
- SHA512: 163de547e1b847f76d532c266b2b660218b33df07be9bb927db447453c964179a7ecb6c0b44a37402e2f43ff324a563e9cba223da9e1589813ad121d5d59b1df
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext