General
Target: f54324caf492c862048a6fd72e56bf3a36f2b8b4e6f0dd74fe07d289b484039f
Size: 416KB
Sample: 220521-b9wg8sgeel
MD5: b83efd22ede89e2f2aea10b0e889e2a2
SHA1: b53c2dc8255fa245f4ada73fda9c488a5daa4ec9
SHA256: f54324caf492c862048a6fd72e56bf3a36f2b8b4e6f0dd74fe07d289b484039f
SHA512: 0f3280d67ee6098ab0936534f37046a9bd5cefa9d6ff8eb69839774b6d7d6f3832d557b7e6a589d60aa2a2d6489e230d6766bdedd5d9c6b347e2aa54cfc63de6
Static task: static1
Behavioral task: behavioral1
  Sample: ORDER.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: ORDER.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.privateemail.com
  Port: 587
  Username: kok-fung.chin@crowncorke.com
  Password: !9aT1sz8?9SqN
Targets
Target: ORDER.exe
Size: 521KB
MD5: 77559b96aa85d93521c6a495560752fa
SHA1: 979df0aab3414738b825adee8bf322f35d77ba90
SHA256: 6bece1991883897d6c949fa8eeac82f1bc6b7fbfaf581f5b5be776c4230bd007
SHA512: ab07c2f3e732d27756cf23c80c8ce99aa9a3456aecc117c614babee7c54881857933725ca235cec83eaab68144eb7d4996417068331242a6e476f5de217439ab
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer
  A .NET packer called CoreEntity that embeds the payload as a Bitmap object which is later decrypted.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext