General
- Target: ed499345da89a2b6c7de62bd2957312cacb80be8f98e7d30f8cb4494ada536f8
- Size: 353KB
- Sample: 220521-nynpgaecg5
- MD5: 01bdf822f504d026b5ef0202c267f41f
- SHA1: 234b013a706560fd844024782b9354bc1620cbce
- SHA256: ed499345da89a2b6c7de62bd2957312cacb80be8f98e7d30f8cb4494ada536f8
- SHA512: ebe5c0527ccd1a05c06297127ff4148be3e7cfa5d0baceef4815a3b88ab18c0d7c0cca008514c19642f633c657ae6f3058de7e53a5650719138fd957719854bb
Static task: static1
Behavioral task: behavioral1
- Sample: ORDER.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: ORDER.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.privateemail.com
- Port: 587
- Username: kok-fung.chin@crowncorke.com
- Password: !9aT1sz8?9SqN
Extracted
- Protocol: smtp
- Host: mail.privateemail.com
- Port: 587
- Username: kok-fung.chin@crowncorke.com
- Password: !9aT1sz8?9SqN
Targets
- Target: ORDER.exe
- Size: 372KB
- MD5: f4fd80aff8c66bf9a629565be047d235
- SHA1: 3796cc2a971b5d250533f6eecda37e441830b142
- SHA256: e9eb4d205fad12909fcee34a44bceec578b13b8dd5c887b116d2f3c9c4818f66
- SHA512: 28f942a2e92ca042e746b3a85dcf5bfc671b3629657b0197c2a5aee1288b94878fdccca5560f9c0600b5047aa0a294c93525eaef95c339aa505ab2b2d3449757
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext