General
Target: ORDER.exe
Size: 783KB
Sample: 221129-k9lsgahg6z
MD5: effa64d665cc881b80faefb053896c75
SHA1: 314ae8a3bfbbae37b92ab9c1d4e72a2f3ba77959
SHA256: 9d6b6913c2b8b1084f4177076c9c2b759ce8a903bc7baf1b1c0ef3bf5635c361
SHA512: 8edb0d1298146e744847cc4efafcce3da52859b3beef6d8e3ca15049188abab93f1fb7c097cae4515d2faca29662d57fb7c3dbb5a9be8c9fadd89bdb38c15fc7
SSDEEP: 24576:QivLGVB70aw1s/U97WopiNc9/LkInstI:+VB70aw1u8piN0/LMt
Static task: static1
Behavioral task: behavioral1 (Sample: ORDER.exe, Resource: win7-20221111-en)
Behavioral task: behavioral2 (Sample: ORDER.exe, Resource: win10v2004-20220901-en)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.southernboilers.org
Port: 587
Username: info@southernboilers.org
Password: Sksmoke2018#
Email To: obtxxxtf@gmail.com
Targets
Target: ORDER.exe
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext