General
Target: e7fdcc7b5868a0d68b1c531668c2b57ee2e5bbbe2d6da99025a577413376a372
Size: 1.2MB
Sample: 220521-mnehdafbhm
MD5: 42b30b43f6f5bfcefeea91c26754c629
SHA1: bb15b11fcef23103b7d2dba646a59883fb306a31
SHA256: e7fdcc7b5868a0d68b1c531668c2b57ee2e5bbbe2d6da99025a577413376a372
SHA512: b6429bcb989bbc28adadc17ae7eae11fb9fc39b2249899577b0957a5fa2ea7f2cafa3b639f34a4bf81634b7ae436b1881d8fcdf9ffd7560cec4d4210a3cf3bc5
Static task: static1
Behavioral task: behavioral1
Sample: New order.xls.zip(~1.1MB).exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: New order.xls.zip(~1.1MB).exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: chiamaka1991
Targets
Target: New order.xls.zip(~1.1MB).exe
Size: 1.6MB
MD5: e472d3a6d5bb5a1e8e173c2d9a8552dc
SHA1: 997b8d1a66b133dea2bcfc87889578d6c5a0f5f5
SHA256: 7b43d2b9046f44a08e2c3eca7fd8d87410c72c79f597697f2fd2585177b52403
SHA512: cdcc7e537d0167a3586d07c09c18bae7467dd0e613100593598257a2bb97fa9f8f7d50ea509463d2fd489a6c489dd7674cb9fbf196fcfa452e9b6bdb54148408
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext