General
-
Target
Product Order.gz
-
Size
664KB
-
Sample
230612-qxwpssch7x
-
MD5
a4f93a0c0ed2ece36f307a1ac31d4d35
-
SHA1
0df0f202b57021e4ef261df62bb44680370f0fb7
-
SHA256
d30fa0321c74d47ff319db345eaa7bf720a8bdde4a524a0b46f4a21484c75d1a
-
SHA512
522500b9051f32d9ded80135a0ae0d7defc2a71b849a41b4e591511652a4f0ae3cf21c605915e88f4ae72d95923ca2aea7e9a503860511b2b36ce42976cb70ab
-
SSDEEP
12288:F8+ryu3bqjh8mol8BWQN+9b8pYvWMfFIjkx5JgUVeWJlB0cSGcs18h+ZLQOidt2C:Fh3w8mol8BWQN+94CeMfFZJgUVewb/H2
Static task
static1
Behavioral task
behavioral1
Sample
Product Order.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Product Order.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6254200827:AAE72ehike93Yl10K-g-eoD9WA3Xk9taVes/
Targets
-
Target
Product Order.exe
-
Size
776KB
-
MD5
dc864332ee7a85324d0cda25fac3bf21
-
SHA1
5be0e586e93b9042f8a72e1c1bb1a5182a4066d3
-
SHA256
8aead2c3d3796d348dc61029023a5679f2ef747c8ce155a767d5e47280e5ec26
-
SHA512
f02820ec93fc9f4794e5144986f9defa41a5510c758f43273eb6ad7d0b9ad537ebab5cacc63ea705152eb514572abe345db29406d4a9fabddde6b7cb8ee1e1f1
-
SSDEEP
24576:KiOV/NOapDl4JebJgUte4/pB18/dBrZNx2JBJ:KiOV/NOapDlpKUM4/po//rZz2JBJ
-
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic .NET.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing (refusing to run in selected countries).
-
Accesses Microsoft Outlook profiles
Reads stored Outlook account profiles, the usual source of the mail credentials Agent Tesla harvests.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
SetThreadContext is called to redirect a thread's execution, the step used in process hollowing to start injected code inside a suspended host process; the signature alone does not say which process was targeted, so confirm with the behavioral run's process tree.
-
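The extracted config points the sample at the Telegram Bot API, and the behavioral run shows an external-IP lookup first; both are network-visible. The detector below is an added example (not part of the sandbox report and not the analysed sample's code) that scans proxy-log lines for the two behaviours and flags a client that shows both in the AgentTesla order. The log format, the `IP_LOOKUP_HOSTS` list and the sample lines are assumptions constructed for the example; only the bot token comes from this report's Malware Config, and the output redacts it so the credential is not copied into alerts.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set
from urllib.parse import urlsplit

# Telegram Bot API paths look like /bot<numeric id>:<secret>/<method>.
TELEGRAM_BOT_RE = re.compile(r"^/bot(\d+):([A-Za-z0-9_-]{30,})/([A-Za-z]+)")

# Bot API methods that push data out of the victim (the exfiltration direction).
EXFIL_METHODS = {"sendDocument", "sendMessage", "sendPhoto"}

# Assumed list of public external-IP lookup services; the report only says
# "a legitimate IP lookup service", so these hostnames are an assumption.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ipinfo.io", "api.ip.sb",
}

# Assumed "timestamp client method url status" proxy-log layout.
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


@dataclass
class Hit:
    client: str
    kind: str              # "ip_lookup" or "telegram_bot_api"
    host: str
    method: Optional[str]  # Bot API method for Telegram hits, else None
    detail: str            # human-readable, with the bot secret redacted


def redact_token(bot_id: str, secret: str) -> str:
    """Keep enough of the token to correlate hits without copying the secret into alerts."""
    return f"{bot_id}:{secret[:4]}...{secret[-4:]}"


def classify(client: str, url: str) -> Optional[Hit]:
    """Map one request URL to a Hit, or None when it matches neither behaviour."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host == "api.telegram.org":
        m = TELEGRAM_BOT_RE.match(parts.path)
        if m:
            bot_id, secret, api_method = m.groups()
            return Hit(client, "telegram_bot_api", host, api_method,
                       f"bot {redact_token(bot_id, secret)} {api_method}")
    if host in IP_LOOKUP_HOSTS:
        return Hit(client, "ip_lookup", host, None, f"external IP lookup via {host}")
    return None


def scan(lines: Iterable[str]) -> List[Hit]:
    """Parse log lines and collect hits; malformed lines are skipped, not fatal."""
    hits: List[Hit] = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        hit = classify(m["client"], m["url"])
        if hit:
            hits.append(hit)
    return hits


def suspicious_clients(hits: List[Hit]) -> List[str]:
    """Clients that did an external-IP lookup and also pushed data through a
    Telegram bot: the two network behaviours this report attributes to the sample.
    A client that only polls getUpdates (a legitimate bot) is not flagged."""
    seen: Dict[str, Set[str]] = {}
    for h in hits:
        kinds = seen.setdefault(h.client, set())
        if h.kind == "telegram_bot_api" and h.method in EXFIL_METHODS:
            kinds.add("telegram_exfil")
        elif h.kind == "ip_lookup":
            kinds.add("ip_lookup")
    return sorted(c for c, k in seen.items() if {"ip_lookup", "telegram_exfil"} <= k)


# Constructed log lines (not real traffic); the bot token is the one extracted in this report.
SAMPLE_LOG = [
    "2023-06-12T14:03:11Z 10.0.0.25 GET http://checkip.dyndns.org/ 200",
    "2023-06-12T14:03:14Z 10.0.0.25 POST https://api.telegram.org/bot6254200827:AAE72ehike93Yl10K-g-eoD9WA3Xk9taVes/sendDocument 200",
    "2023-06-12T14:05:02Z 10.0.0.31 GET https://api.telegram.org/bot1234567890:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/getUpdates 200",
    "2023-06-12T14:06:40Z 10.0.0.40 GET https://www.example.com/index.html 200",
    "this line is malformed and is skipped",
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for h in found:
        print(f"{h.client:<12} {h.kind:<17} {h.detail}")
    print("suspicious:", suspicious_clients(found))
```

The bot-token regex is the useful part: any request whose path starts with `/bot<id>:<secret>/` is a Bot API call regardless of which method follows, so the rule survives a change of exfil method, while requiring a send-type method before raising the combined verdict keeps ordinary Telegram bot clients out of the alert.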