General
- Target: a161ea90bcb892ba6a437d46db7a200e35c5e37786282f06c2926c601cb46fb0
- Size: 1.0MB
- Sample: 220521-mm59psfbgq
- MD5: 04cb64f263b8d5ca150327b91c1cac34
- SHA1: ccccc9835ed8313a2d8c7c1b27f83a76d2a0ee66
- SHA256: a161ea90bcb892ba6a437d46db7a200e35c5e37786282f06c2926c601cb46fb0
- SHA512: 4b35e97ac74cab678004d828b5058254251a0805f51e7fff042cbd5a8c6982a38bfc3fb421c31df23d100929b5f784a932c5788c446b1689d60fb052a8783a3b
Static task: static1
Behavioral task: behavioral1
- Sample: June_Order.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: June_Order.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
- agenttesla
- Protocol: ftp
- Host: ftp://ftp.bmdonline.ro/
- Port: 21
- Username: webhost@bmdonline.ro
- Password: Dc~b!v(&D##4
Extracted
- Protocol: ftp
- Host: ftp.bmdonline.ro
- Port: 21
- Username: webhost@bmdonline.ro
- Password: Dc~b!v(&D##4
Targets
- Target: June_Order.exe
- Size: 1.4MB
- MD5: a67a1b3058424475c2356a0c0c0b910f
- SHA1: 01110987b248a3a7b55c9dee2980fd704a016135
- SHA256: 155065582ffa38e73b116c0d434fbcc4a5a3a1c860e018d0b921301be4187edc
- SHA512: e3ad8de9350be77900ffdf47b6f8a51167c2b2b354fa1ec178ddbe07b6cee9e68f7c42a28a7307b22c2ea16106aacb1c6c0f900f0de0a2311d275d16fb19f046
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext