General
Target: 13d2cbbbb33951c21bd06e946dd2eaf5945f678bd0f5e62a09c1b0a6765ccda1
Size: 667KB
Sample: 220521-nhs91sdgc3
MD5: e9a4c88c152b984c3538028f3ac72688
SHA1: 1c489a639854a0f0eaa8077e9f0ba38f387aef61
SHA256: 13d2cbbbb33951c21bd06e946dd2eaf5945f678bd0f5e62a09c1b0a6765ccda1
SHA512: de0ce28431b5018a5f9993b1676ef4daf9f2b3a19bd3649b2a3ea22c092297bd5ac99a718d988acc1aa284622887c6a183c85c1495889ef3c4fbae4131a40503
Static task: static1
Behavioral task: behavioral1
  Sample: ORDER FORMi.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: ORDER FORMi.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.radiomeff.mk
  Port: 587
  Username: wc@radiomeff.mk
  Password: qazwsx@11
Targets
Target: ORDER FORMi.exe
Size: 965KB
MD5: 8d7345631f4f346895f98240c6ec5059
SHA1: 2e2c1602160bf5c26b4107f1b0ca15fa7354f4a8
SHA256: 310357fce084be8373ed754c4a6ea2fb426d90aac3d1fb1fffae16b63051b9c4
SHA512: 982b410e447810109c8f95e554ddf4b4e1b8135f8d228b0273a0f61c20e4f9b3e3e037d98b9441d5d28ae820a098ee19d17476526813757b0160be19b213c96b
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext