General
- Target: b1fbe2f3ecc80b4f99cdc0fd9c98e7a413c7de7bb3ba320c170ff3a22fb7eca5
- Size: 776KB
- Sample: 220521-pgjvmaaebl
- MD5: 5d4ef7e4d15efc9ad095b1c73433c41a
- SHA1: 7a31db6b683d46462f2f54397b18d13284f6c52b
- SHA256: b1fbe2f3ecc80b4f99cdc0fd9c98e7a413c7de7bb3ba320c170ff3a22fb7eca5
- SHA512: 6a58445dca5cf18401510f8264b02cba0908750a4001a950bf111c3adb36ab0416248144c4488c338ab7b6b153198ecf495d722f2d433824a8b7738a5d04bdf4
Static task: static1
Behavioral task: behavioral1
- Sample: New Order Specification.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: New Order Specification.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.totallyanonymous.com
- Port: 587
- Username: honebots@totallyanonymous.com
- Password: 572h094S
Targets
- Target: New Order Specification.exe
- Size: 715KB
- MD5: a5a9397437b908773046df59c011fefd
- SHA1: d94ca75c9b27f13fe7d3cc7b5e51ba816d2e579a
- SHA256: 0c0dd463772fa620212c36148e7512efe415093bbd31e5dd6e209354f4b280ec
- SHA512: 91cda58f99bc5a29049c07040b8679d534bdb115b9912cabf3f0930edca100393389d97281abc9a394322bcbd7c7bff227280e51b34d6697b4219e2327e1b87b
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext