General
-
Target
711408471b885a72930b72e0d11c0124713d2b2bec2c9ddfd8c24562b1727e69
-
Size
406KB
-
Sample
220521-amqsssdddn
-
MD5
21b8a94d4d9a6ebeefcd39e110124015
-
SHA1
e8b28b87899cf1f42d7adfe5a1e339999e65df8d
-
SHA256
711408471b885a72930b72e0d11c0124713d2b2bec2c9ddfd8c24562b1727e69
-
SHA512
0b0fa89017a5851e7e1e9117c08a2aa7d2d6487f9c24b51278b4c452e01904a10246f8c53f9668690fbfe752c4151e337db87713fd4f43feb5f313566ceba3ce
Static task
static1
Behavioral task
behavioral1
Sample
Order.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Order.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.avastragroup.com
Port: 587
Username: [email protected]
Password: *vVABUb9
Targets
-
Target
Order.exe
-
Size
447KB
-
MD5
a5585c61696f798b764023501c3c2f23
-
SHA1
2f077851223b1fdd94a9866098fb22a47abd26f7
-
SHA256
7aa2e610774aeaede163770891fe671e27c484405eddb143631982f3cad77595
-
SHA512
081c57fd3d622b0fd8f9e27a5353493f367d04ad8ec686d19c2aed8b56496433026dfd660c0c11dba3cd329f0fb9ffda9e65c5f1e47975160109cf957cadef62
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext