General
Target: 331ea80d27c5da40c1477567abd7124c2e65d0ff805154bedbd21111a3d92eac
Size: 1.0MB
Sample: 220521-mne4xafbhn
MD5: 8b1c47679d64f9ef799581d4d31273d4
SHA1: a94638e573244de63df8dc361135b025f3874825
SHA256: 331ea80d27c5da40c1477567abd7124c2e65d0ff805154bedbd21111a3d92eac
SHA512: 561d05cc8b5d3873e739942c55bf03c0d03ccb97ed08ccd452fd5efd2501f0207e2d955ba773b709243045bc15b184d116b9967b6d2c61e8c56d01e5e1c6b521
Static task: static1
Behavioral task: behavioral1
Sample: New Order #000110.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: New Order #000110.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.elkat.com.my
Port: 587
Username: sales@elkat.com.my
Password: $9921%sales
Targets
Target: New Order #000110.exe
Size: 1.5MB
MD5: 718bde8c24b428a31040e663ce4bf09a
SHA1: fdbf530adac7c52bbcc1d9e27776edd029279368
SHA256: 005f9471feeb0047d099b569c4c73b448218a8b2e24b4bffcc1e91b324adc61e
SHA512: 2aae32779dc2dfff49fb21867b255fdc6dbdfb5176bca4326c4ecaa1da7baa3c1c1fc5c860bd5ba0c6948628361a82fd7cf19fb5881fdb8100746a2f2c41c095
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext