General
-
Target
nOrder_Request_09-24.bz2.rar
-
Size
1006KB
-
Sample
240925-qk3ycaxdnk
-
MD5
fd9db203f7f5d5ab2483c64dd154c799
-
SHA1
b1139a45728550f608940793a0c2f02bb7f3c68f
-
SHA256
2fa0be27ab138f5d181529b0994cc201a1e7d551b5ff8cde083186ae5aa46a2e
-
SHA512
9b1ebb1eeb1e0873a0efb10e9950707cb347925e9a96932ee57cb4c750b9650e4774ee7ac49bf31cd1ffb4a3fab9be9ce9a71be2f194dc4c9ee39be90d343e2e
-
SSDEEP
24576:XUxRfhZiw/pS1e81AFxy846If6OFHqkAB4+yWeHA:XYswSBCMp6IyawvyzHA
Static task
static1
Behavioral task
behavioral1
Sample
Order Request 09-24.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Order Request 09-24.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.agaliofu.top - Port:
587 - Username:
[email protected] - Password:
QPS.6YYl.Yi= - Email To:
[email protected]
Targets
-
-
Target
Order Request 09-24.exe
-
Size
1.5MB
-
MD5
3e322cacdbc509091f2950c4e04ff85f
-
SHA1
d4eab59133e0f767f7c954ee11599d7c8fdffafc
-
SHA256
9e783a78671bd03144b0def1540d93a92dbb8fcdd5a75bfa26a1d11e6c613bff
-
SHA512
45fa5310f55df604989b511bdc094dda73dcbb3fea40a07253bb692ab33d0275912dcd4fcdbbeb52c33a8bf5b3aa3d2e832c03386b25600e99adcaf005a03497
-
SSDEEP
24576:EqDEvCTbMWu7rQYlBQcBiT6rprG8aYB/yrO95Haw09t4EtDDkINjtRoSrKm0:ETvC/MTQYxsWR7aYB/t7HartldvoSr
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-