General
- Target: 0c43e02eeebde69a9dffa5245416937c2b0f182e1dabbf385d51a4ca2634c3d7
- Size: 430KB
- Sample: 220521-nfx57adfc9
- MD5: 1ae21fe55c7de8f83c216842ca68d5b6
- SHA1: efe320f49750d59cd0ee4ca5ad4e916e0c878714
- SHA256: 0c43e02eeebde69a9dffa5245416937c2b0f182e1dabbf385d51a4ca2634c3d7
- SHA512: 0b2bbd823a54f690b5332e0cd5fef23c46dc07653a82f3bd7fc124d56cddf007c51cb494665d85ef3b4b8fe8ce6424c75cc6ad07ead9feb65aa0ccd36f2b1cdc
Static task: static1
Behavioral task: behavioral1
- Sample: ORDER-985748998..exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: ORDER-985748998..exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.rajhibulid.com
- Port: 587
- Username: cashmoney@rajhibulid.com
- Password: chuks0147
Targets
- Target: ORDER-985748998..exe
- Size: 462KB
- MD5: 14d6c15c05e10bc8d1cad336799582b4
- SHA1: 5f2ff50c5367c4bf1726c2197edbb9545e1cd858
- SHA256: 93f3e27b37e68e5c0f93b68a5c171a9cf64c1093c4a416a042187a343df8dfe6
- SHA512: de7cac398a985f816acdb7eab27b3db0cfd1a12735c3a004fc7048c700cd7d9bbb216c3c57545913c13f0750ff9fd2615de5536e1af7caaf7aa247b2368de976
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext