General
Target: 02a3fe2cb435f12ac2662c2767b06faed1802f9fba0d593da806f6696b99e080
Size: 449KB
Sample: 220521-d5jzraghb7
MD5: 763697d550b9356058c73279dfc1fe66
SHA1: f758a8baecf4a1cf3c3d7db6c057bb524d2f6aad
SHA256: 02a3fe2cb435f12ac2662c2767b06faed1802f9fba0d593da806f6696b99e080
SHA512: e835dcc0a42ceff1080e04e4789eef90c9a3611f5bcf4b165983e030a34b99bf95b4af53e99667b95f672de98b6417aa4dc4adba936931f82c82f1f0e3676202
Static task: static1
Behavioral task: behavioral1
Sample: Inquiry Order.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Inquiry Order.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: alexisborris@yandex.ru
Password: @Veronica24#
Targets
Target: Inquiry Order.exe
Size: 536KB
MD5: fa4f1460275e418e806f1aa28697c2ba
SHA1: c2fe7bb8962258708ba1769cbf1afdf15cabeecd
SHA256: 5afb8b1e08dee442332deaabd3fb126ffd9d4b34056aa33e121f24776086695a
SHA512: 50743aab40886fc24a21e5575621be159194375d64351bbeac38b37e65537600752ac31cdd9179961f7361a8a8f47cf86bd317a3e288503536b08ccbb66dfdd5
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a Bitmap object, which is later decrypted.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext