General

Target: order confirmation.rar
Size: 523KB
Sample: 220930-rnewcsdgf2
MD5: effc25ad839736afe9c834a4e038d7c8
SHA1: 3fded3001d66c1a45644f5ed2995cc53d637dea8
SHA256: 8fb54e1438db82aebe87c4876a03f6855188fe1334dddc5bc1c6dcfb20239a22
SHA512: 4cce77a0d5aae28023c67dcc236e1f5c37759711f08ec04e941d7903d52632e1fa4985f9b8dec4eb7bbf6d781007ecdf199cae518e426f8906d392ffd7dd98ec
SSDEEP: 12288:jIZP3FXuO3KG95sDoEZQ60vqkATCVv2IHqoA9gUgKX8n7DwV:cZNuO3KssjmvDATCV5LNK+7MV
Static task: static1
Behavioral task: behavioral1, sample order confirmation.exe, resource win7-20220812-en
Behavioral task: behavioral2, sample order confirmation.exe, resource win10v2004-20220901-en
Malware Config

Extracted family: agenttesla
C2 (Telegram Bot API base URL; the path after /bot is the bot token used for exfiltration): https://api.telegram.org/bot5662683474:AAFvSjyPXTiwhBPcFi8of3_-_FCdfhhN8x0/
Targets

Target: order confirmation.exe
Size: 781KB
MD5: 05963cbe736805e0168a5fb3d6e6ae6b
SHA1: 14dd852164396f3e05b6b3469263c497851f6f0c
SHA256: 61b7c784665ee5e76aec4437bfcf67378d075f26fbb3a0dcabce328b3778a8be
SHA512: 51b9207c2ccf5a6931660c623ed18a97c8a12ba0758ae891f54825114c0aa8a05ce70af42bcf8108e4835f7356e6a08d4b547d30a621cfcfb7d67ff38294fac0
SSDEEP: 12288:qdxsEH/ARUwqxwZNVls4QM8tOqO5c1UADqjJ5nl0+9MK:qwEoMYNbsKbc0jrZe

AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, written in Visual Basic .NET.

Checks computer location settings
Reads the country/region code configured in the registry, likely a geofence so the payload can refuse to run in selected countries.

Accesses Microsoft Outlook profiles
Reads stored Outlook profile data, a common source of the saved mail-account credentials Agent Tesla harvests.

Adds Run key to start application
Persists by adding an entry under a Windows Run registry key so the binary starts again at logon.

Suspicious use of SetThreadContext
Typically seen when a payload is written into a suspended child process and that process's thread context is redirected to it (process hollowing); on its own the API call is low-fidelity, since debuggers use it too.
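The extracted config and the behavioural signatures above, turned into checks an analyst can run locally. This is an added example, not sandbox output or code from the Agent Tesla family: the C2 URL is the one from the Malware Config section, but the registry paths assigned to each signature and the Sysmon-style event records are assumptions constructed for illustration. The SetThreadContext rule goes beyond the report's bare signature by requiring an earlier WriteProcessMemory into the same target process, which is what separates hollowing from a debugger attaching.

```python
import re

# Telegram Bot API tokens have the shape "<numeric bot id>:<35-character secret>".
# Agent Tesla's Telegram exfiltration config embeds one right after "/bot".
TELEGRAM_C2_RE = re.compile(
    r"^https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<token>[A-Za-z0-9_-]{35})/?$"
)

# Value taken from the "Malware Config" section of the report.
EXTRACTED_C2 = "https://api.telegram.org/bot5662683474:AAFvSjyPXTiwhBPcFi8of3_-_FCdfhhN8x0/"


def telegram_ioc(url):
    """Split an Agent Tesla Telegram C2 URL into (bot_id, token); None if it is not one.

    The token string is the thing to hunt for in proxy/DNS-over-HTTPS logs, since
    every exfiltration request carries it in the URL path.
    """
    m = TELEGRAM_C2_RE.match(url.strip())
    if not m:
        return None
    return m.group("bot_id"), m.group("token")


# Registry locations each behavioural signature usually touches. These paths are
# assumptions chosen for the example, not paths reported by the sandbox.
REGISTRY_RULES = [
    ("Checks computer location settings", "RegistryQuery",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Accesses Microsoft Outlook profiles", "RegistryQuery",
     re.compile(r"\\(Office\\\d+\.\d+\\Outlook|Windows Messaging Subsystem)\\Profiles\\", re.I)),
    # Matches a value written directly under ...\CurrentVersion\Run (not RunOnce).
    ("Adds Run key to start application", "RegistrySet",
     re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.I)),
]


def match_signatures(events):
    """Return the set of signature names triggered by a list of event dicts.

    Event shape (constructed for this example):
      {"pid": int, "type": "RegistryQuery" | "RegistrySet", "target": str}
      {"pid": int, "type": "ApiCall", "api": str, "target_pid": int}
    """
    hits = set()
    # (actor pid, child pid) pairs that received WriteProcessMemory; a later
    # SetThreadContext on the same pair is the hollowing pattern.
    wrote_into = set()
    for ev in events:
        for name, ev_type, pattern in REGISTRY_RULES:
            if ev["type"] == ev_type and pattern.search(ev.get("target", "")):
                hits.add(name)
        if ev["type"] == "ApiCall":
            key = (ev["pid"], ev.get("target_pid"))
            if ev["api"] == "WriteProcessMemory":
                wrote_into.add(key)
            elif ev["api"] == "SetThreadContext" and key in wrote_into:
                hits.add("Suspicious use of SetThreadContext")
    return hits


# Constructed Sysmon-style trace approximating the behaviours the report lists.
SAMPLE_EVENTS = [
    {"pid": 1200, "type": "RegistryQuery",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 1200, "type": "RegistryQuery",
     "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"},
    {"pid": 1200, "type": "RegistrySet",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\order confirmation"},
    {"pid": 1200, "type": "ApiCall", "api": "WriteProcessMemory", "target_pid": 1340},
    {"pid": 1200, "type": "ApiCall", "api": "SetThreadContext", "target_pid": 1340},
    # Benign noise: a debugger calling SetThreadContext without a prior write.
    {"pid": 1500, "type": "ApiCall", "api": "SetThreadContext", "target_pid": 1600},
    {"pid": 1500, "type": "RegistryQuery",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer"},
]


if __name__ == "__main__":
    print("telegram bot id, token:", telegram_ioc(EXTRACTED_C2))
    for sig in sorted(match_signatures(SAMPLE_EVENTS)):
        print("matched:", sig)
```

Run against the constructed trace, all four signatures fire for pid 1200, while the debugger-like SetThreadContext from pid 1500 is ignored because no WriteProcessMemory preceded it. Feed real Sysmon registry (event IDs 12/13) and API-monitor output through the same event shape to reuse the rules.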