General

Target: 823b3fc9bffb074b433166e3d498b751bbdf59c1e08647cf4ed2f179af468743
Size: 2.4MB
Sample: 220521-pv285abcej
MD5: 70e21923c5890a492c200463f85696a8
SHA1: e4dee775c2d5d6751670bb566de0e1d512692439
SHA256: 823b3fc9bffb074b433166e3d498b751bbdf59c1e08647cf4ed2f179af468743
SHA512: 8eb869a43e5ae5c39dc3f2aa0c329eb46d8f1641b88bbb44e3564e28be7522443c317715ed09f01162b7200ffbf85de0db273530ca42ccc33e0333d016d9c5d1
Static task: static1

Behavioral task: behavioral1
Sample: Veladecor_order1000000000_img.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: Veladecor_order1000000000_img.exe
Resource: win10v2004-20220414-en
Malware Config

Targets

Target: Veladecor_order1000000000_img.exe
Size: 2.3MB
MD5: bf843f563de7b1d842993131a9710ae7
SHA1: 3501e6159b8cbfdf0b80fcc8dee952afb79e1ba0
SHA256: aa1cbc4490796352b22e093125284877d57399696b722829f6b1056aa14c2eff
SHA512: caebf5ada247c8eeea509aaf358c8f17a52a2bbe15389beb6f218211cc72e503e51c7d53dae39fae2dddfd8bac9b57aaa042cf19d6152f78ebea25985f59eaff
- AgentTesla: Agent Tesla is a .NET-based remote access tool (RAT) and information stealer; a managed payload is consistent with the Agile.Net obfuscator detection below.
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control-flow obfuscation.
- Accesses Microsoft Outlook profiles: reads Outlook profile data, which typically lives under the Profiles keys in HKCU\Software\Microsoft\Office\<version>\Outlook and HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem and holds stored mail account settings and credentials; this is the credential-theft behaviour Agent Tesla is known for.
- Suspicious use of SetThreadContext: SetThreadContext is benign on a thread the process owns, but when it is applied to a thread of another process that was started suspended and had memory written into it, it is the step that redirects that process's entry point to injected code (process hollowing); the signature flags the call in that context.
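The SetThreadContext signature is only meaningful in sequence: the same API appears in debuggers and exception handling, so a useful check looks for the whole create-suspended, write, SetThreadContext, ResumeThread chain against a different process. The Python below is an added example and not Triage's own signature logic or anything taken from this report; it walks a constructed API trace (the line format and every PID, handle and path in it are invented for illustration) and flags only the complete chain, leaving a lone or self-targeted SetThreadContext alone.

```python
"""Flag the process-hollowing call chain behind a "suspicious SetThreadContext"
verdict.  Added example, not the sandbox's own signature; the trace format and
every value in SAMPLE_TRACE are constructed for illustration."""
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit that starts the child suspended

# Constructed API trace, one call per line: "<caller_pid> <api> key=value ...".
# "pid" is the process the handle refers to (the caller itself if absent).
SAMPLE_TRACE = r"""
1234 CreateProcessW lpApplicationName="C:\Windows\host.exe" dwCreationFlags=0x4 pid=5678
1234 NtUnmapViewOfSection ProcessHandle=0x1a4 pid=5678
1234 VirtualAllocEx ProcessHandle=0x1a4 Size=0x2e000 pid=5678
1234 WriteProcessMemory ProcessHandle=0x1a4 Size=0x2e000 pid=5678
1234 SetThreadContext ThreadHandle=0x1a8 pid=5678
1234 ResumeThread ThreadHandle=0x1a8 pid=5678
4242 GetThreadContext ThreadHandle=0x10 pid=4242
4242 SetThreadContext ThreadHandle=0x10 pid=4242
4242 CreateProcessW lpApplicationName="C:\Windows\other.exe" dwCreationFlags=0x0 pid=4343
4242 SetThreadContext ThreadHandle=0x20 pid=4343
"""

ARG_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Split a trace line into (caller_pid, api_name, {arg: value})."""
    pid, api, rest = line.split(" ", 2)
    args = {k: v.strip('"') for k, v in ARG_RE.findall(rest)}
    return int(pid), api, args


def detect_hollowing(trace):
    """Return [(caller_pid, target_pid, image_path)] for every target process
    that the caller created suspended, wrote memory into, re-pointed a thread
    context in, and then resumed.  Each step must follow the previous one, so
    a lone SetThreadContext (debuggers, SEH, own threads) never fires."""
    state = defaultdict(dict)  # (caller, target) -> steps observed so far
    hits = []
    for line in trace.splitlines():
        if not line.strip():
            continue
        caller, api, a = parse_line(line)
        target = int(a.get("pid", caller))
        if target == caller:
            continue  # work on the caller's own process is not hollowing
        key = (caller, target)
        if api in ("CreateProcessW", "CreateProcessA"):
            if int(a.get("dwCreationFlags", "0"), 16) & CREATE_SUSPENDED:
                state[key] = {"image": a.get("lpApplicationName", "?")}
        elif api == "WriteProcessMemory" and "image" in state[key]:
            state[key]["written"] = True
        elif api == "SetThreadContext" and state[key].get("written"):
            state[key]["context_set"] = True
        elif api == "ResumeThread" and state[key].get("context_set"):
            hits.append((caller, target, state[key]["image"]))
            del state[key]
    return hits


if __name__ == "__main__":
    for caller, target, image in detect_hollowing(SAMPLE_TRACE):
        print(f"pid {caller} hollowed pid {target} ({image})")
```

Run against the constructed trace, only the 1234 to 5678 chain is reported; the self-targeted SetThreadContext from pid 4242 and the one aimed at a child that was never started suspended are ignored, which is the distinction that keeps a rule like this from drowning in debugger and runtime noise.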