General
Target: 757a55b3e779982c16c33116eb2208316a448ec302263ea8a67e6d088434f76a
Size: 463KB
Sample: 220521-al3qzaddar
MD5: 70ec403a10f754002ca06d98696f88f6
SHA1: 4a91bdfc48cacaaf7d924d755c9c83774e8a9223
SHA256: 757a55b3e779982c16c33116eb2208316a448ec302263ea8a67e6d088434f76a
SHA512: 7b95ef49ce133c7602565e4b7e2c353841721b4b4f056bb2153d941eb28a5e1ca2e3c84866a1a41d4ce068fa54ad41f2047f27780587cbcdd46b1d80dfcf45d3
Static task: static1
Behavioral task: behavioral1
  Sample: ORDER 062920.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: ORDER 062920.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.mahavirint.in
  Port: 587
  Username: [email protected]
  Password: mailok
Targets
Target: ORDER 062920.exe
Size: 717KB
MD5: 2ffdef12a916aa08b42431eb1934ce62
SHA1: c2fdff35c21423434231baea7c454143f2ca0339
SHA256: b2d3f04b9fa07cc1efca983cfc40f4cbfccb0b24c7a7fe5acbce0476f8216da3
SHA512: cbb20b5cd81259807729b9678ab2f7c2c0971126306b9a801227814cb1ad57579701727f795550a9088426f478411dff458a4a73d9bdad3f88828dc2e770a7d2
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext