General
Target: ORDINE AR2330GTD 2023.ace
Size: 620KB
Sample: 231212-ph4w7acgdr
MD5: 8364b2c89df04a4f640aa7e4065d62e9
SHA1: 8b480e23d8a61f3dd3897e1589def586c3dfbfb4
SHA256: 4bedf2bc1d0aab9174d20189412427e908bdaad29dcd26a13cb630ebbaa0155e
SHA512: 49954a797482ee2cef144aee140946e5316a01b6dd97af00ab9fa91b57e2b63cd97c41de263285fb82565c6effee308fb55464470ac412bb8eab4881ceca9d11
SSDEEP: 12288:62XVhO4lUt6Qwo9slch8DwclvOeNM58aemDfkhHD6kc0YLGgTp+JXL2gdX7ulT:JXHlUtTwnchrcJi8ae556x0KFp+pL5A
Static task: static1
Behavioral task: behavioral1
  Sample: ORDINE AR2330GTD 2023.exe
  Resource: win7-20231023-en
Behavioral task: behavioral2
  Sample: ORDINE AR2330GTD 2023.exe
  Resource: win10v2004-20231127-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.wrklearning.com
Port: 587
Username: [email protected]
Password: worke2300
Email To: [email protected]
Targets
Target: ORDINE AR2330GTD 2023.exe
Size: 666KB
MD5: 3799fa4b4d57013880952ec3793b30fd
SHA1: 9cd4bba363b97b73c7ccc60706ac8dcc1d3a8fc3
SHA256: aa3875e92ca68427530c01b40918bb498b1e134a1c43b80e155b97e2e1569d67
SHA512: 447ccbe8d01907eda242c0817938439c4969beb91cc0186288d71cb1cce3f285b98c2850c373475ee763ab6dbe726f3db76d8a295044990a102faed5ec418fb3
SSDEEP: 12288:SX5+4WpAEWy7R5Q22K1K35341Xx+wEKMPOdkNN6n62/MuFwZf0GvxHvLz3p3+:PpAErK22K0ix+uMPbYnTMKsfB5vv3
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Detect ZGRat V1
Checks computer location settings: looks up the country code configured in the registry, likely used as a geofence check.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext