General
- Target: REQUIRED ORDER.exe
- Size: 7KB
- Sample: 221207-h5hh5shh41
- MD5: c68e150c213e614b8eed86bec7074a57
- SHA1: 588e888e99e13455a5c65502f6bda6ee55dac129
- SHA256: e2ee31975055f1a2bb5b4eb478d7d693cc7022fbc36586aa9bd1088fe1a03eee
- SHA512: fc420f30245e67ac4457466c57c3dbc527503516b82657f5915f9774e7be61cb420bdf0690bc49454214278583e24d81046cd43cdf1f51e100daabc9575e71d3
- SSDEEP: 192:UaCT1T4dytLR0ukYzHhNICgR4ur2FC6o:UaCBttLR0ukyZur2s
Static task: static1
Behavioral task: behavioral1
- Sample: REQUIRED ORDER.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: REQUIRED ORDER.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted: agenttesla
- https://api.telegram.org/bot5381304443:AAGHVkAfThlNIr1QK0cvWGNfRmolq65orZw/
Targets
- Target: REQUIRED ORDER.exe
- Size: 7KB
- MD5: c68e150c213e614b8eed86bec7074a57
- SHA1: 588e888e99e13455a5c65502f6bda6ee55dac129
- SHA256: e2ee31975055f1a2bb5b4eb478d7d693cc7022fbc36586aa9bd1088fe1a03eee
- SHA512: fc420f30245e67ac4457466c57c3dbc527503516b82657f5915f9774e7be61cb420bdf0690bc49454214278583e24d81046cd43cdf1f51e100daabc9575e71d3
- SSDEEP: 192:UaCT1T4dytLR0ukYzHhNICgR4ur2FC6o:UaCBttLR0ukyZur2s
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext