General
-
Target
d6e7fdcc12f880809b8b0f771c6a8c70b3bb61175aaf9e8b1e5e28e0fa3c486f
-
Size
492KB
-
Sample
220521-ng1mpsghbl
-
MD5
f533f1fbeb00d84b84d6fea9e6f0a794
-
SHA1
90ca8baa1d3c6fe2c367bc7bb6229399b7b4a587
-
SHA256
d6e7fdcc12f880809b8b0f771c6a8c70b3bb61175aaf9e8b1e5e28e0fa3c486f
-
SHA512
48564552d67c48b3033a2bb1e72018ef06238f04eb4ba113e680089340091c0309b419c1c901beb15d5641c1ae8aac09f40d3cd5176a21bc6f6ac6e7b8c917bc
Static task
static1
Behavioral task
behavioral1
Sample
product_order.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
product_order.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: elvis.lekwa@yandex.com
Password: Blessed000@
Targets
-
Target
product_order.exe
-
Size
862KB
-
MD5
fd89db92cc4b158163c64ad0344828f7
-
SHA1
5cd9a1f73de7e78b0f7d11ba418b619e68952aec
-
SHA256
788997176a0679acf7a7b3a5606bfad33bbad561cbabac26964a687cfbfd9a8d
-
SHA512
c98da1897bb110ce7eff2c165238a9789494dfd59b1084d696e9b254da7c15f2f0053172d0dbe3cdca7d40de2c78d1fe3b69bc10cff225e5893199a1b5e2bb0d
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-