General
- Target: 6dab315ebf0f7fee41c9a2377512f4d2a98b0e1c27cc6980324c0820fcf163df
- Size: 485KB
- Sample: 241031-ylkgdstbkp
- MD5: 6c8eba98915a064fcad85ae98528877e
- SHA1: 73b029cc5e191856c1ac019041bca71bf9481bd6
- SHA256: 6dab315ebf0f7fee41c9a2377512f4d2a98b0e1c27cc6980324c0820fcf163df
- SHA512: 887e6c0fac3ce65ea3297e2ef01c60faf660cdd5bbf85ab6561c5a4aeb7a75b1d063a1f246bce61340387e8a848a92f0cc9802278c667bbca5b489b54a63031a
- SSDEEP: 12288:V3kyeuucP5ILiEtUfG2w9PoMSkbKxrktf2Ce5c+AKHVSbq78l:VUduuG5IG0UW9wiGkEt6zSSbq78l
Static task
- static1
Behavioral task
- behavioral1
- Sample: Released Order.exe
- Resource: win7-20240903-en
Behavioral task
- behavioral2
- Sample: Released Order.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- agenttesla
- Protocol: smtp
- Host: mail.saitools.com
- Port: 587
- Username: [email protected]
- Password: ecotanksystems$0912
Targets
- Target: Released Order.exe
- Size: 894KB
- MD5: 99d846bbf242277134ba3b6cb92ab2eb
- SHA1: 96dcb922a1213c55bce5edeada748112b760d9db
- SHA256: 1988aecd504c91c63584f0ee4aa3d1a9d6f0f879763e7fc695230ec2703cb07b
- SHA512: 2adddeb4c73b6591c1659a5d0e22b7cf57468ff85e58f1332609b7b9fd62a9da1be4218e76168804a99a1386959cc23222b3a2a7a1575a2e4210a8c534d5df13
- SSDEEP: 12288:Sk2xCTW1mL3ySOqN2LFffpScuKSgLfXSwUSMPQipP5K:SZxCTW1mzyJFwcuxoVipw
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Agenttesla family
- AgentTesla payload
- Drops file in Drivers directory
- Unsecured Credentials: Credentials In Files: steals credentials from unsecured files.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext