General
Target: 9d113bd61ca6f4ccef87a8d750298bd5b0dcd9b5db22f5387cc6055ca8ab20e2
Size: 485KB
Sample: 220521-n3stzshfgl
MD5: 365aac80928a112ebc2bddde21f180be
SHA1: 7e7902c1b752f454fd31665b37fdcbe603066e60
SHA256: 9d113bd61ca6f4ccef87a8d750298bd5b0dcd9b5db22f5387cc6055ca8ab20e2
SHA512: 77ec40e9b7720a4ba69367f49a191a49b8fa4ca7d32cc65560281545d316503aa6b4219a1ad43ee60bf3dd6b0f853cfe290efc0e4e3caf5a5033265f18814fb0
Static task: static1
Behavioral task: behavioral1
Sample: Order List.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Order List.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.thermalinda.com
Port: 587
Username: [email protected]
Password: hJIrKDxj7
Targets
Target: Order List.exe
Size: 537KB
MD5: 569ac4f4dc8e7e2dc11f261985521526
SHA1: d9c55dcc408349bd94188b3623c6768a8d4f5c64
SHA256: d0a350c1ca56ad366f1f359bb2485422b71168542116d443a402efaf76e60148
SHA512: 1ccc0010816fff295407ed3b58905d0fe302cbe4ea1ab6d158d68346673ca476462a5ac50060d22e85e2d419e48abe02afa9a612aeb4f0564da591c55a834111
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext