General
- Target: Order PO.exe
- Size: 675KB
- Sample: 230402-j1593sgf6z
- MD5: 6b086fd896d82d0707ac4fa29eee1569
- SHA1: ef66a56b2910aaa72c91310151d93fe8a2ca9738
- SHA256: 8065d7457588be9190ebc01cc9a6f42ba2e63eaeaa2157b6525f0a186548da00
- SHA512: 2ad7685609102f09b0829ed7d56df238b6230e341c98bb2d17c56f45ed9e19c770d7e744fa139ecc2c6415aa10dfed6e14a64c6ad8a862d81ace9fb1247fd269
- SSDEEP: 12288:a442y8kGK3yVAID28p4DJGOA9kHwC5ojE9cPPqyCDXZP8nwH0q+TXLOfsevimOMM:Qb3yVAYp4DS9qw/jE9cPi9Dt8nw2fOEW
Static task: static1

Behavioral task: behavioral1
- Sample: Order PO.exe
- Resource: win7-20230220-en

Behavioral task: behavioral2
- Sample: Order PO.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.ardsmmm.com
- Port: 587
- Username: [email protected]
- Password: Ard2015**
- Email To: [email protected]
Targets
- Target: Order PO.exe
- Size: 675KB
- MD5: 6b086fd896d82d0707ac4fa29eee1569
- SHA1: ef66a56b2910aaa72c91310151d93fe8a2ca9738
- SHA256: 8065d7457588be9190ebc01cc9a6f42ba2e63eaeaa2157b6525f0a186548da00
- SHA512: 2ad7685609102f09b0829ed7d56df238b6230e341c98bb2d17c56f45ed9e19c770d7e744fa139ecc2c6415aa10dfed6e14a64c6ad8a862d81ace9fb1247fd269
- SSDEEP: 12288:a442y8kGK3yVAID28p4DJGOA9kHwC5ojE9cPPqyCDXZP8nwH0q+TXLOfsevimOMM:Qb3yVAYp4DS9qw/jE9cPi9Dt8nw2fOEW
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext