General
Target: 952e40c882a47920a83106a1e15be89653f0fb0e3d95cb75e79f579c30a3b83d
Size: 393KB
Sample: 220521-n4apsshgak
MD5: 473b1e045cb1d55b3c8f82f1a450ef7c
SHA1: 35bda1af18c4c2cb0c9772cf7cfccbe9bf5a3ef5
SHA256: 952e40c882a47920a83106a1e15be89653f0fb0e3d95cb75e79f579c30a3b83d
SHA512: b93ceb7b368068d8fdd2939cbc9fca479f2c1dad9a6adf064487615eebb31d80212ebd0224d7ccdeb90e742c40cbffa6507b0f54ff7731d210f912bfbb307dc4
Static task: static1
Behavioral task: behavioral1
- Sample: ACEOrder170305-1pdf.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: ACEOrder170305-1pdf.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: secure231.servconfig.com
- Port: 587
- Username: [email protected]
- Password: eltaefSH6548883
Targets
Target: ACEOrder170305-1pdf.exe
Size: 431KB
MD5: 5357bdd6ad1e98eb9e3dad5754f5334c
SHA1: 036308c77f9b2bf40d3ea159b04dd35e2a9e9b05
SHA256: 70bfe024a9e8cb1685b5fa97e4a77bdbd7c6f7296d47ba6a5f84a586c437a36d
SHA512: a6ee27bb7647cf14028d1034b96739f608a7a9922260d53dcab6a2e8958157dfca25c9c41f32c3781d585a36141718ba1f30f0e2a9e4668247dd89491bc2c260
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely as a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext