General
Target: REVISED NEW ORDER.exe
Size: 589KB
Sample: 200630-jc2m5q4y2x
MD5: 9b37d3dd9ff4036b3132873292a2e672
SHA1: 79b74ebaa8da63b409eaf6d5b6e13076b25734a3
SHA256: ac817954a4511d2a0ffca7832b48d137db1b299d7ff055709eda1d12460e81c0
SHA512: 3d973e02189d47458355faa6018381140383219cf1783e90c6a54aa1f3d5191b1ef69d09b1d86a0c79d519575d50f0569a285bfd0c31547fd77058779d62a307
Static task: static1
Behavioral task: behavioral1
  Sample: REVISED NEW ORDER.exe
  Resource: win7
Behavioral task: behavioral2
  Sample: REVISED NEW ORDER.exe
  Resource: win10
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: nednwokoro@jakartta.xyz
Password: nwaotu65
Targets
Target: REVISED NEW ORDER.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures:
AgentTesla Payload
Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers will often target it.
Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials etc.
Suspicious use of SetThreadContext