General
Target: efa90e3fe4552c71a2e67a82df2adf575afd718c50791ea66ab4801865db718d
Size: 234KB
Sample: 220521-nyk9caecg4
MD5: 3d480e4bf5283e4eda04259eab9bf7e5
SHA1: 8935a1e13a8c8cedb6eb3abb724fc2d9e49ed3d9
SHA256: efa90e3fe4552c71a2e67a82df2adf575afd718c50791ea66ab4801865db718d
SHA512: e87419f742382d25f77653db46ab73acff918e6b7a6bccdfcf7ae1e72ade3905fc8a38363c2d47cee63a9721f2f68ca46da0356bcc3a1168e9e9c38ca253ccf4
Static task: static1
Behavioral task: behavioral1
Sample: ORDER_310800312PDF.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: ORDER_310800312PDF.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.dveshop.ro/
Port: 21
Username: dve1@dveshop.ro
Password: 9rqYPoA&j)Hv
Targets
Target: ORDER_310800312PDF.exe
Size: 658KB
MD5: ef88abe78eb00cd5ab6a47507eb691d2
SHA1: 61494f99516aa43df25d42f21a92fac8193a0e0d
SHA256: 655edc0e051a0acacca8d147b308a9560c61bcd4598dbe2f03f41b1aecb20e44
SHA512: 05a0905c8388f69a172ee8ec4841ff5a5cae671224465bc6557818f8d1fe379bb8dac2cf9f0239cdd1af3e0b0b8b90dc9612f2d20676f3b3c33ba28daa97ce54
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext