General
Target: 8690aab3bd2e7094664601bbf739c93e163c7ece800b977e117d6cf7cc10a0d6
Size: 392KB
Sample: 220521-xcxjxsegcm
MD5: 045d5f812beb60e7e972da7859f54371
SHA1: c07fa525a57830010a2baf970091c356b25d1248
SHA256: 8690aab3bd2e7094664601bbf739c93e163c7ece800b977e117d6cf7cc10a0d6
SHA512: f9b2f98d58862236aab1b57542798f87334cf517d0698ca17c310394dd93586b0cd6f7512f358448a10ae62505eb136c30fcecba834dff3a076b8f5164d00b1f
Static task: static1
Behavioral task: behavioral1
  Sample: Order.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Order.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.privateemail.com
Port: 587
Username: mentorloz@returntolz.com
Password: Aboki@1234
Targets
Target: Order.exe
Size: 440KB
MD5: a8853d86e049ef88fcec04db0813c9b6
SHA1: 07a072c932d58c9986e40133e531892cccd81768
SHA256: 1da5c90fc98d1bc40ce6b94057b350cc13fc508b9e8af411d4ee62ccedc57a86
SHA512: 93d670736363c4845c86042d3dd83d4eaa041bf1f67a12e4183010b1cfd87ceb0883fd54b77732ed9a623e16a3a18a21a8dceb89e653d213e3991a801d7bd5f1
Signatures
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext