General

Target: ORDER-221202.xls
Size: 38KB
Sample: 221202-vrhcfaca2z
MD5: f79fc28e4f8f45673f7cd89ebfdfd8f2
SHA1: c42880c461fd52ac284659592b00979bfb2b4e26
SHA256: 7848297de8cb3a65afb8413171818248db22bc4f47f57aa0f4aa5effda1ca94e
SHA512: 5c38b393d9b358e91febb56f540c52f14ff991a8bed5b909e8c0b71814d467f3ea81084835774f109168f05263890339d03f5311ffa2e22d8b2b2e9a0f7ce557
SSDEEP: 768:gqDZ+RwPONXoRjDhIcp0fDlaGGx+cL26nAKg4xau+yPRBUVOPh6k/vZiGBFDAEp:9DZ+RwPONXoRjDhIcp0fDlaGGx+cL26V
Behavioral tasks

behavioral1: ORDER-221202.xls on win7-20220812-en
behavioral2: ORDER-221202.xls on win10v2004-20220901-en
Malware Config

Extracted
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: zahimrahim18@gmail.com
Password: pifgweijlylkellk

Extracted: agenttesla
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: zahimrahim18@gmail.com
Password: pifgweijlylkellk

Port 587 is the SMTP submission port (STARTTLS): harvested data is sent out as e-mail through the attacker-controlled Gmail account above, so these credentials are the actor's exfiltration mailbox, not a victim account.
Targets

Target: ORDER-221202.xls
- AgentTesla: Agent Tesla is a .NET-based information stealer and remote access tool (RAT) that harvests credentials and keystrokes and exfiltrates them over SMTP, FTP or HTTP; this sample uses the SMTP configuration extracted above.
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles: consistent with Agent Tesla's credential harvesting from installed mail clients.
- Adds Run key to start application: persistence through a ...\Software\Microsoft\Windows\CurrentVersion\Run value.
- Suspicious use of SetThreadContext: commonly seen when a payload is injected into a freshly created process (process hollowing).
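The behaviours above (an executable spawned from the Office host, a Run key written, and SMTP traffic to smtp.gmail.com:587 from something that is not a mail client) can be turned into endpoint detection logic. The block below is an added example, not part of this sandbox report and not Agent Tesla's own code; it runs over constructed Sysmon-style events (EventID 1 process create, 3 network connect, 13 registry value set) with made-up paths, and the lists of allowed mail clients and Office hosts are assumptions to tune per estate. It generalises the report's single case by flagging any SMTP-port connection from a non-mail process, with a higher confidence level when the destination matches the extracted C2 host and port.

```python
# Indicators taken from this report's Malware Config section.
C2_SMTP_HOST = "smtp.gmail.com"
C2_SMTP_PORT = 587
C2_SMTP_USER = "zahimrahim18@gmail.com"

# Ports on which a mail client legitimately talks SMTP; anything else doing so is suspect.
SMTP_PORTS = {25, 465, 587}

# Assumptions, not from the report: images allowed to speak SMTP, and Office
# hosts that should never be the parent of a new executable.
KNOWN_MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
OFFICE_HOSTS = {"excel.exe", "winword.exe", "powerpnt.exe"}
RUN_KEY_MARKER = "\\software\\microsoft\\windows\\currentversion\\run\\"

# Constructed Sysmon-style events for the example; paths and names are made up.
EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\user\AppData\Roaming\invoice.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Roaming\invoice.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\invoice"},
    {"EventID": 3, "Image": r"C:\Users\user\AppData\Roaming\invoice.exe",
     "DestinationHostname": "smtp.gmail.com", "DestinationPort": 587},
    # Benign: the real mail client talking to the same server.
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE",
     "DestinationHostname": "smtp.gmail.com", "DestinationPort": 587},
    # Benign: ordinary process creation from the shell.
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]


def image_name(path):
    """Basename of a Windows image path, lower-cased for comparison."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(ev):
    """Return a list of (rule, detail) findings for one event; empty if benign."""
    findings = []
    img = image_name(ev.get("Image", ""))
    eid = ev.get("EventID")
    if eid == 1 and image_name(ev.get("ParentImage", "")) in OFFICE_HOSTS:
        # Maps to "Executes dropped EXE" when the dropper is the Office host.
        findings.append(("office_host_spawned_exe",
                         f"{image_name(ev['ParentImage'])} -> {img}"))
    elif eid == 3 and ev.get("DestinationPort") in SMTP_PORTS and img not in KNOWN_MAIL_CLIENTS:
        host = ev.get("DestinationHostname", "")  # reverse-DNS name; may be empty
        exact = host == C2_SMTP_HOST and ev["DestinationPort"] == C2_SMTP_PORT
        level = "high" if exact else "medium"
        findings.append(("smtp_from_non_mail_client",
                         f"{img} -> {host or '?'}:{ev['DestinationPort']} ({level})"))
    elif eid == 13 and RUN_KEY_MARKER in ev.get("TargetObject", "").lower():
        # Maps to "Adds Run key to start application".
        findings.append(("run_key_persistence", f"{img} set {ev['TargetObject']}"))
    return findings


def scan(events):
    """Run classify() over a sequence of events and collect every finding."""
    return [f for ev in events for f in classify(ev)]


def exfil_iocs():
    """Account-level indicators from the report's config that a responder should block or report."""
    return {"smtp_host": C2_SMTP_HOST, "smtp_port": C2_SMTP_PORT, "smtp_user": C2_SMTP_USER}


if __name__ == "__main__":
    for rule, detail in scan(EVENTS):
        print(f"{rule}: {detail}")
```

Sysmon's DestinationHostname comes from reverse DNS and is often empty, which is why the SMTP rule keys on the port and the originating image rather than on the hostname alone; the C2 host only raises the confidence level. Blocking the extracted mailbox at the network edge and reporting it to the provider is the immediate response action the config section supports.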