General
- Target: December Order.exe
- Size: 969KB
- Sample: 221204-nke56shf61
- MD5: 3c8406ac154bba363837d323a2a5ccee
- SHA1: a73f82eeef1422bf012ef7af853411a60bccb1e4
- SHA256: 94ebccd8a71740cab38549bb879d7c1a393c59e8b481e2e7bd37348e9724f39a
- SHA512: 60308e7bc4e862499b77c30c3bc6099c3336c78ed27c157bf2b1ca3a83ca705a6063d5cf8e4c987c2703401cf8cb8956a119ecf1c17900235f838a73c7b90f58
- SSDEEP: 12288:s9Gq7wTia38kfS/AzsEEY4rJ1j5DCwOGUBeFs9l76sI3Da+lLi93c/cfDSWf:swqETiwAAgEEY4dvDJb6+lLi9cKDSWf

Static task
- static1

Behavioral task
- behavioral1
  Sample: December Order.exe
  Resource: win7-20220812-en

Behavioral task
- behavioral2
  Sample: December Order.exe
  Resource: win10v2004-20220901-en
Malware Config

Extracted
- Protocol: smtp
- Host: host39.registrar-servers.com
- Port: 587
- Username: [email protected]
- Password: MI{ml&po^Oii 123

Extracted
- Family: agenttesla
- Protocol: smtp
- Host: host39.registrar-servers.com
- Port: 587
- Username: [email protected]
- Password: MI{ml&po^Oii 123
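The extracted config is the most actionable part of this report: Agent Tesla exfiltrates harvested credentials by authenticating to the configured SMTP server, so the host and port are the indicators worth hunting on. The following is an added example, not output of the sandbox or code from the Agent Tesla sample: it parses the "Extracted" block in the flattened "Key: value - Key: value" layout shown above, builds a Suricata DNS rule for the host (the `sid` is an arbitrary local value), and correlates the indicators over a few constructed DNS and firewall log lines (the log format is assumed, as are all addresses in it). The username appears on the page as "[email protected]", so detection keys on host and port rather than the mailbox.

```python
"""Turn an extracted AgentTesla SMTP config into hunt logic.

Added example, not sandbox output: parses the 'Extracted' config block in the
flattened form it has on this page, emits a Suricata DNS rule for the exfil
host, and correlates the indicators over constructed DNS/firewall log lines.
"""
import re
from dataclasses import dataclass

# Copied from the report. The username is shown as "[email protected]" on the
# page, so detection below keys on host and port, not on the mailbox name.
CONFIG_TEXT = """Extracted
agenttesla
Protocol: smtp- Host:
host39.registrar-servers.com - Port:
587 - Username:
[email protected] - Password:
MI{ml&po^Oii 123
"""

KEYS = ("Protocol", "Host", "Port", "Username", "Password")
# 'Key: value' pairs separated by ' - ' (the page also runs 'smtp- Host' together).
# A value that itself contained ' - Host:' etc. would confuse this; none here does.
FIELD_RE = re.compile(
    r"(%s):\s*(.*?)\s*-?\s*(?=(?:%s):|$)" % ("|".join(KEYS), "|".join(KEYS))
)


@dataclass(frozen=True)
class SmtpConfig:
    family: str
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(text: str) -> SmtpConfig:
    """Parse one 'Extracted' block. The family line is optional: the first
    block on the page has none, the second says 'agenttesla'."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if lines and lines[0] == "Extracted":
        lines = lines[1:]
    family = "unknown"
    if lines and ":" not in lines[0]:
        family = lines.pop(0)
    flat = " ".join(lines)
    fields = {k.lower(): v for k, v in FIELD_RE.findall(flat)}
    missing = [k for k in KEYS if k.lower() not in fields]
    if missing:
        raise ValueError("config missing fields: %s" % missing)
    return SmtpConfig(family, fields["protocol"], fields["host"],
                      int(fields["port"]), fields["username"], fields["password"])


def suricata_dns_rule(cfg: SmtpConfig, sid: int = 1000001) -> str:
    """DNS-lookup rule for the exfil host (sid is an arbitrary local value)."""
    return ('alert dns any any -> any any (msg:"%s SMTP exfil host lookup %s"; '
            'dns.query; content:"%s"; nocase; sid:%d; rev:1;)'
            % (cfg.family, cfg.host, cfg.host, sid))


# Constructed log lines (not from the report; addresses are documentation
# ranges). The DNS line carries the answer so the connection that follows can
# be tied back to the configured host.
LOG_LINES = [
    "2022-12-04T13:02:11Z dns src=10.20.4.15 query=host39.registrar-servers.com answer=198.51.100.23",
    "2022-12-04T13:02:12Z conn src=10.20.4.15 dst=198.51.100.23 dport=587 proto=tcp",
    "2022-12-04T13:05:40Z conn src=10.20.4.99 dst=203.0.113.7 dport=443 proto=tcp",
    "2022-12-04T13:06:02Z dns src=10.20.4.99 query=mail.example.net answer=203.0.113.9",
    "2022-12-04T13:06:03Z conn src=10.20.4.99 dst=203.0.113.9 dport=587 proto=tcp",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def find_exfil(cfg: SmtpConfig, lines) -> list:
    """Return (timestamp, src, reason) tuples for lines matching the config.

    A DNS query for the configured host is an indicator on its own; a later
    connection to the answered address on the configured port is the stronger
    hit. Port alone is not enough: 587 is ordinary mail-submission traffic,
    so the last constructed line above must not match.
    """
    resolved = {}   # answer IP -> configured host, learnt from DNS lines
    hits = []
    for line in lines:
        ts, kind, rest = line.split(" ", 2)
        f = dict(KV_RE.findall(rest))
        if kind == "dns" and f.get("query", "").lower() == cfg.host.lower():
            resolved[f.get("answer")] = cfg.host
            hits.append((ts, f["src"], "dns lookup of %s" % cfg.host))
        elif (kind == "conn" and int(f.get("dport", 0)) == cfg.port
              and f.get("dst") in resolved):
            hits.append((ts, f["src"], "%s/%d to %s (%s)"
                         % (cfg.protocol, cfg.port, f["dst"], resolved[f["dst"]])))
    return hits


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print(cfg)
    print(suricata_dns_rule(cfg))
    for hit in find_exfil(cfg, LOG_LINES):
        print(*hit)
```

Run stand-alone it prints the parsed config, the rule, and two hits for 10.20.4.15 (the lookup and the 587 connection to the resolved address); the 10.20.4.99 submission on 587 to an unrelated host is deliberately not flagged. In a real hunt the credentials should also be reported to the mail provider so the drop mailbox is disabled, since the same account collects victims from every machine the sample reaches.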
Targets
- Target: December Order.exe (969KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- AgentTesla
  Agent Tesla is a remote access tool (RAT) and credential stealer written in Visual Basic .NET.
- Accesses Microsoft Outlook profiles (mail credential harvesting)
- Adds Run key to start application (registry Run-key persistence)
- Suspicious use of SetThreadContext (commonly used for process hollowing / code injection)