General
Target: 92afd7e1c0f53f85f3a62bd54472966546a6d87e517c4439ba26ad1431235ccb
Size: 410KB
Sample: 220521-ndbt6sdeb9
MD5: 3584ebbb4876d596b8c558d594c99280
SHA1: f490c143ad4af88a7dd90cae03094b1d3ff09b6f
SHA256: 92afd7e1c0f53f85f3a62bd54472966546a6d87e517c4439ba26ad1431235ccb
SHA512: 2f9ce4209609e635a4002c1312cd3cfc8034052938f6602c662627f40b7db279abb79783b8b87b0aa379bbfe90bb0166ff5fb43f7e14a15bf1843a3d724c779f
Static task
static1
Behavioral task
behavioral1
Sample: ORDER 062920.exe
Resource: win7-20220414-en
Behavioral task
behavioral2
Sample: ORDER 062920.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.mahavirint.in
Port: 587
Username: [email protected]
Password: mailok
Targets
Target: ORDER 062920.exe
Size: 475KB
MD5: 1ac44ab27bd3611122ec00dbeb27f775
SHA1: 3f534c105ccfa16d1c91cc81db1793cbc25572f2
SHA256: d1b548cd7f6dfff33fc925d0cbe43ffd4a533119635b07978ce146c2a113d4a1
SHA512: c03be94812c7fab93f0e8bd08ab5df29d8e2a7980ea2158d7050a9719906f14bc32da4e7f3f3f335e11497c2bdbbbf8dd1081df05d81b66e6461f03eff9b9f7b
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext