General

Target: 066fa03544fafe77b9dec2db0fbc53a39bd9b04ccaf626574b8bcfc3cd0f8d6d
Size: 944KB
Sample: 220521-mm5m6sfbgn
MD5: 6fbb66e74ba2b4712e2d51f1d0a81c0d
SHA1: 41fd00918725b4cb4e43abc182d596714dcd5731
SHA256: 066fa03544fafe77b9dec2db0fbc53a39bd9b04ccaf626574b8bcfc3cd0f8d6d
SHA512: 6e1221e3c6c04be46c1d69e1de41e141ddefbdda03cdff2d4d2308508d6eb62f2736c9890b3648a2a69ebbb38eb66fd715f68a6f1d16ee07740dbd91b4afc7ea

Static task: static1
Behavioral task: behavioral1 (Sample: Order specification.exe, Resource: win7-20220414-en)
Behavioral task: behavioral2 (Sample: Order specification.exe, Resource: win10v2004-20220414-en)

Malware Config

Extracted: agenttesla
Protocol: smtp
Host: smtp.sarniotex.com
Port: 587
Username: [email protected]
Password: dL@KoFb6
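The extracted configuration is the most actionable part of this report: it names the exfiltration channel (SMTP to smtp.sarniotex.com on port 587, authenticating with a mailbox the operator controls or has compromised). As an added example that is not part of the sandbox report, the Python below parses the config in the run-together form the page shows it, keeping the redacted username exactly as the page has it, and then matches the host and port against outbound connection records. The record format (timestamp, source IP, destination host, destination port, protocol) and every record in SAMPLE_LOG are constructed for the demo.

```python
"""Parse the AgentTesla exfiltration config shown in this report and match it
against outbound connection records.

Added example, not the sandbox's code. CONFIG_TEXT is the report's extracted
config copied as the page shows it (the username is redacted there); the
records in SAMPLE_LOG and their format are constructed for the demo.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Copied from the report, in the run-together form the extractor left it in.
CONFIG_TEXT = """Protocol: smtp- Host:
smtp.sarniotex.com - Port:
587 - Username:
[email protected] - Password:
dL@KoFb6"""

# Constructed outbound connection records (not from the report):
# timestamp, source IP, destination host, destination port, protocol.
SAMPLE_LOG = [
    "2022-05-21T09:12:44Z 10.0.0.12 mail.google.com 443 tcp",
    "2022-05-21T09:13:01Z 10.0.0.12 smtp.sarniotex.com 587 tcp",
    "2022-05-21T09:13:02Z 10.0.0.12 SMTP.SARNIOTEX.COM 587 tcp",
    "2022-05-21T09:15:30Z 10.0.0.31 smtp.office365.com 587 tcp",
    "2022-05-21T09:16:10Z 10.0.0.12 smtp.sarniotex.com 25 tcp",
]


@dataclass(frozen=True)
class ExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


# 'Key: value' pairs; a value runs until the next 'Key:' (optionally preceded
# by the stray ' - ' the extractor inserts) or the end of the text.
_PAIR = re.compile(r"(\w+):\s*(.+?)(?=\s*-?\s*\b\w+:|\s*$)")


def parse_config(text: str) -> ExfilConfig:
    """Collapse wrapped lines and pull out the five fields.

    Works on both the run-together form above and a clean one-field-per-line
    form, since the lookahead only cares about where the next key starts.
    """
    flat = " ".join(text.split())
    fields: Dict[str, str] = {k.lower(): v.strip() for k, v in _PAIR.findall(flat)}
    return ExfilConfig(
        protocol=fields["protocol"].lower(),
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


def find_exfil_attempts(cfg: ExfilConfig, log_lines: List[str]) -> List[str]:
    """Return the records whose destination host and port match the config.

    Host comparison is case-insensitive; the port must match exactly, so a
    connection to the same host on 25 is not reported as a hit.
    """
    hits: List[str] = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records rather than guess at them
        _ts, _src, dst_host, dst_port, _proto = parts
        if dst_host.lower() == cfg.host and int(dst_port) == cfg.port:
            hits.append(line)
    return hits


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print(f"exfil channel: {cfg.protocol}://{cfg.host}:{cfg.port} as {cfg.username}")
    for hit in find_exfil_attempts(cfg, SAMPLE_LOG):
        print("possible AgentTesla exfil:", hit)
```

Match on host and port together rather than on the mail provider alone: the SMTP host may be a legitimate provider whose account the operator is abusing, and 587 is the submission port that is normally upgraded to TLS with STARTTLS, so content inspection will not see the stolen data; the connection metadata is what a network sensor can act on.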

Targets

Target: Order specification.exe
Size: 1.3MB
MD5: 806c3237c2ea7615d9187127ab7c5d42
SHA1: 1e3643893e5a7a2f91afc4091e1391a79988ce38
SHA256: 3415b00698070382206702b57a7312c1eeba1f33aff4a02511eeb0fd9ce002c6
SHA512: 5a55db591d8008a99ec40a57a4db730b5ecbccfeb02a45b4cc0f5beab65d2dc1e0a8826c0758d536fbf2b47cee64b60f978524cb0c585e9215ee11f1a3992a65

- AgentTesla: Agent Tesla is a .NET remote access tool (RAT) and credential stealer, written in Visual Basic .NET, that exfiltrates harvested data over SMTP, FTP or HTTP; the configuration extracted above shows this sample using an SMTP channel.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, most likely a geofence check so the payload only runs (or refuses to run) in particular regions.
- Deletes itself: removes its own executable from disk after running, which hinders recovery of the original binary during incident response.
- Accesses Microsoft Outlook profiles: reads stored Outlook profile data, consistent with mail-client credential harvesting.
- Suspicious use of SetThreadContext: calling SetThreadContext on a thread in another process, after writing to that process's memory, is the characteristic step of process hollowing, where a suspended child process has its image replaced with the payload and its entry point redirected before the thread is resumed.
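Of the behavioral signatures above, SetThreadContext is the one that reveals how the payload gets executed: the unpacked code is placed into a suspended process and started by rewriting that process's thread context, which is process hollowing. The following Python is an added example, not the sandbox's own detection logic. It walks a per-process API-call trace and reports only the ordered create-suspended, WriteProcessMemory, SetThreadContext, ResumeThread chain that a process aims at a child it created itself, so SetThreadContext calls on the caller's own threads, or on processes it did not create suspended, are not flagged. The trace format and every event in it are constructed for the demo, and using the sample's own name as the hollowed child is an assumption; the report does not say which process was targeted.

```python
"""Flag the process-hollowing API chain that underlies the sandbox's
'Suspicious use of SetThreadContext' signature.

Added example, not the sandbox's detection code. The trace format
(caller pid, API name, argument dict) and every event in TRACE are
constructed for the demo; using the sample's own name as the hollowed
child is an assumption, the report does not say which process was targeted.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess*

# The ordered core of hollowing once a suspended child exists.
STAGES = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")
# Supporting calls that strengthen a finding but may be absent or reordered.
SUPPORT = ("NtUnmapViewOfSection", "VirtualAllocEx", "NtWriteVirtualMemory")

Event = Tuple[int, str, Dict]

# Constructed trace (not from the report).
TRACE: List[Event] = [
    (1188, "CreateProcessW", {"app": r"C:\Users\u\Order specification.exe",
                              "flags": CREATE_SUSPENDED, "child": 2204}),
    (1188, "NtUnmapViewOfSection", {"target": 2204}),
    (1188, "VirtualAllocEx", {"target": 2204, "protect": "PAGE_EXECUTE_READWRITE"}),
    (1188, "WriteProcessMemory", {"target": 2204, "size": 0xF0000}),
    (1188, "SetThreadContext", {"target": 2204}),
    (1188, "ResumeThread", {"target": 2204}),
    # Benign: a process adjusting one of its own threads.
    (3100, "GetThreadContext", {"target": 3100}),
    (3100, "SetThreadContext", {"target": 3100}),
    # Benign: a launcher that creates a child suspended and simply resumes it.
    (4000, "CreateProcessW", {"app": r"C:\tools\helper.exe",
                              "flags": CREATE_SUSPENDED, "child": 4012}),
    (4000, "ResumeThread", {"target": 4012}),
]


def detect_hollowing(trace: List[Event]) -> List[Dict]:
    """Return one finding per (creator, child) pair that was created suspended
    and then received WriteProcessMemory, SetThreadContext and ResumeThread, in
    that order, from its creator. Calls a process makes on itself, or on
    processes it did not create suspended, are ignored.
    """
    suspended: Dict[int, int] = {}                     # child pid -> creator pid
    stage: Dict[Tuple[int, int], int] = defaultdict(int)   # next STAGES index
    support: Dict[Tuple[int, int], List[str]] = defaultdict(list)
    findings: List[Dict] = []

    for pid, api, args in trace:
        if api.startswith("CreateProcess"):
            if args.get("flags", 0) & CREATE_SUSPENDED:
                suspended[args["child"]] = pid
            continue
        target = args.get("target")
        if target is None or target == pid or suspended.get(target) != pid:
            continue  # not aimed at a child this pid created suspended
        key = (pid, target)
        if api in SUPPORT:
            support[key].append(api)
        elif stage[key] < len(STAGES) and api == STAGES[stage[key]]:
            stage[key] += 1
            if stage[key] == len(STAGES):
                findings.append({
                    "creator": pid,
                    "child": target,
                    "apis": support[key] + list(STAGES),
                })
    return findings


if __name__ == "__main__":
    for f in detect_hollowing(TRACE):
        print(f"pid {f['creator']} hollowed pid {f['child']}: "
              f"{' -> '.join(f['apis'])}")
```

Requiring the three core calls in order, and only from the creator toward a child it started suspended, is what keeps the false-positive rate tolerable: the launcher at pid 4000 and the self-targeted SetThreadContext at pid 3100 both touch the flagged API without ever completing the chain. The hollowed child of this sample is the process to dump for the unpacked Agent Tesla payload, since the on-disk file deletes itself.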