General

- Target: ba872ff75db69d21f48fe2e5ca1c4bc4335ad60654da1c60869a064ffd9c7433
- Size: 428KB
- Sample: 220521-bj7gtabhg9
- MD5: 9387861436c1c5a35d880df3f1a202bc
- SHA1: 15867b0552f297f7e31c3ae9893ef247792256cd
- SHA256: ba872ff75db69d21f48fe2e5ca1c4bc4335ad60654da1c60869a064ffd9c7433
- SHA512: 21b6295ccc900b34f70b98ac6b1c80fa3c552d2841436fa8e171e8333a33127e084c61e3bff7fef253885a37859d08f754b91cfbf4a213d231cee8492d79766b
Static task: static1

Behavioral task: behavioral1
- Sample: Order Specification.exe
- Resource: win7-20220414-en

Behavioral task: behavioral2
- Sample: Order Specification.exe
- Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.ru
- Port: 587
- Username: [email protected]
- Password: AMBITION123@@@

Extracted
- Protocol: smtp
- Host: smtp.yandex.ru
- Port: 587
- Username: [email protected]
- Password: AMBITION123@@@
Targets

- Target: Order Specification.exe
- Size: 798KB
- MD5: eee51ed4cc3d02fab09ee8076e61acd3
- SHA1: 4cedd13f503cfa1219ea7b8fe1157ac1ba96c43b
- SHA256: 3c6902ab74526dac496d24e6be3db45c54d4ccc2530725c353dee1495c34b7e8
- SHA512: 26e9db99c1aeaebc61bdad217068f84b1dd7ed83fc819186a849e68abea731af22fb4790cd63859a9f83459c25f8319a3495eeb16eb9c78cc6b9e2c55260095c
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext