General
-
Target
02a016fec138750e4a00cb593e95ab24b1b28a794babd7c784e3d048f66422cb
-
Size
387KB
-
Sample
220521-pcxwpaaccl
-
MD5
3991ed28edb920369909416f6a6dfa25
-
SHA1
9eda21158cac48253de4e7f6a80d3e6d7cd2475f
-
SHA256
02a016fec138750e4a00cb593e95ab24b1b28a794babd7c784e3d048f66422cb
-
SHA512
a0bb0ed5f89b557cda569f6cbc64656c74b70b7def03f640b1a9b7f6edfe6da123c9b101552005d4840e03abea6c52de6ea5463b9f4271b54f01ef0975138fd2
Static task
static1
Behavioral task
behavioral1
Sample
order01.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
order01.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.ab-care.eu
Port: 587
Username: info@ab-care.eu
Password: bayar@2017@abcare
Targets
-
-
Target
order01.exe
-
Size
436KB
-
MD5
d72f02436bb252e33df8f00651ccc97b
-
SHA1
50ffad937f231b659fe7d438f14ed16b45ec3b10
-
SHA256
a7e448adfaa3c0d503907c2353cbb0190240a20f28f6a55bf146eb19f1a05273
-
SHA512
7b95786b03760d1511f15b6d0135d59b439cfbdd282fb5c27278d6aee02ede9067a0b389164eebe08cc1b6b4e3489cafed828b1443e3d416e5b5955115abdf12
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-