General
Target: 5c35b079cdab560114e97cd7e796aa965e165b9bbe568829d808e97880b1f0be
Size: 467KB
Sample: 220521-ar5gradfdq
MD5: 4127410ff98922773a12a423665caf2d
SHA1: 185959e1cabf1dc6aaf59415770ccf26cbd67c18
SHA256: 5c35b079cdab560114e97cd7e796aa965e165b9bbe568829d808e97880b1f0be
SHA512: 200d7344f8f03fef83315472a4263d2c977c92305816b477221e38b18a8f6c8201516fa639d7cc337a5c32e1d7c87c171ad40b39ec147f80e2e3cb6fd9e9ae0f
Static task: static1
Behavioral task: behavioral1
  Sample: 34 Rhorder Pillivuyt-Order Sheets.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 34 Rhorder Pillivuyt-Order Sheets.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
  Protocol: smtp
  Host: mail.arkinc.co.in
  Port: 587
  Username: [email protected]
  Password: delta@1234
Targets
Target: 34 Rhorder Pillivuyt-Order Sheets.exe
Size: 722KB
MD5: ca9aafa77412c3aafe7289a7dacefd88
SHA1: e677d8e23f45c9627bc1da9d407cc0b862a0dcba
SHA256: cbce9f783ed4cdc37d018d6b9f49c02ef83830759c6406531c0010f85f0506e6
SHA512: 77d91d8d48cd45e054c1319b66ef0781e3333cf656797fea8f13c5fa357a3bee96141691735fc7800793334a368cb1d5b4a0c41c7fcf79d56bf207dac73462cf
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Adds Run key to start application