General
- Target: 33da88b59fad8464359e3e837c239cfb2aab7fe3762bb3485da07b9ca21983ad
- Size: 467KB
- Sample: 220521-m5b4ksdae8
- MD5: 203f0f7d7020771780edae24d81ce627
- SHA1: 5988e8a3d812a19fc462c43adab0a157009f96fc
- SHA256: 33da88b59fad8464359e3e837c239cfb2aab7fe3762bb3485da07b9ca21983ad
- SHA512: 7189fb69ae514ca88c9fc3c71d857d4566eb5e5618f11e5d0c54497399badf0e5e639da63c0c61a6b277316e818a47c57c9606c01edf4168c781bbef20e3d7f4
Static task: static1
Behavioral task: behavioral1
- Sample: Sep_Order.rar.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Sep_Order.rar.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.ph1cool.com
- Port: 587
- Username: [email protected]
- Password: KZVHVma2
Targets
- Target: Sep_Order.rar.exe
- Size: 768KB
- MD5: ab67a9feba8c5ec3e11597fcb21c6f29
- SHA1: a42d5ba4f9dc6c1229b702d1952bd7add3c55cf4
- SHA256: 7ddc15860b3ad79c71728581274d212c38c203fc5747c217ccde359e835d690f
- SHA512: 04451a36c23480f608e55ef183675e8c20c8d7326a97f8ebae7f26f9c2612bb0911de2a353b23686cf8f6395fa927dd41994465c584722ce40fb6ba3eb6683e9
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext