General
Target: 795073c7ead0170ad600c8951c99c630a6e0f0febc67247b518cd764a8cb02b7
Size: 390KB
Sample: 220521-n5vflahghj
MD5: 54734ff88b52babb163877717e8d5735
SHA1: 0fbfb5624436b5af0ca25bed0f855231d6acac07
SHA256: 795073c7ead0170ad600c8951c99c630a6e0f0febc67247b518cd764a8cb02b7
SHA512: 2aa889975a05cb704047617ec3d9724a3a8f45a76b758735233214e246a7cfd477dc21267542e96566476964e036880536d2e0cef62829d25c0920ecd1f91b6a
Static task: static1
Behavioral task: behavioral1
  Sample: ORDER_LIST.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: ORDER_LIST.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.ab-care.eu
Port: 587
Username: [email protected]
Password: bayar@2017@abcare
Targets
Target: ORDER_LIST.exe
Size: 444KB
MD5: 84e7c04788a3a119123f56312db8c042
SHA1: f0acaefd55714c85d04b8a7a989946d4cfbeb8c0
SHA256: bfca04674fa6b8750999ea3885509542dd6bd0574cdb1dae6d4161ab70badb54
SHA512: f19566d1d8345d0a1073a792b3521c191d7b331d948133f87d7ec413311f19d54a423a3303e6f0e229db7fac8eb7ebf0dfb2fcea9c38817066797d74520f77c9
Signatures
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext