General
- Target: 6f532ffe156d2acf010955482d55d18b832d6e80344e05899f37a52a9ca0319b
- Size: 1.0MB
- Sample: 220521-am19jaddeq
- MD5: bc2d741954ea0ce341b6722c2e5412b7
- SHA1: c6a74c2176e36a52bd584ebd632470d983a03d48
- SHA256: 6f532ffe156d2acf010955482d55d18b832d6e80344e05899f37a52a9ca0319b
- SHA512: 8b06a8aaf48be841b6bb297463bc7c367ec28bbce99be839ccea706439c096ec9654e26d720e350fbc2a02f7b5f9adbd688463ac1ded6077eef1b29f7b6bc1db
Static task: static1
Behavioral task: behavioral1
- Sample: ORDER.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: ORDER.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted (agenttesla)
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: [email protected]
- Password: *Kwr3hv#4X@h
Extracted
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: [email protected]
- Password: *Kwr3hv#4X@h
Targets
- Target: ORDER.exe
- Size: 1.0MB
- MD5: 87ddc6eee1b65cbc32de5dffb02e7a29
- SHA1: d1e2e1e71ce118421e5d110e84c576ec530fb960
- SHA256: bf70be02e2965f32ab1dd7337adf8c292110f33236c501d4c6a39f775b626cf6
- SHA512: 2094537d29119c28df54659103da545f80df080a6e2826cb1281aed8f129eeb75969dfaad38a1f1cab0cf5f759cfed610c0ed180d3719269c0e92be4c6a63e2b
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext