General
- Target: New Order.gz
- Size: 1.2MB
- Sample: 210120-k1vee61z3n
- MD5: 6009b12086df1d38a62b8c97bea56ec6
- SHA1: 6e4526d3280ed1b4d6eb20e6034bc0402ffe5ecf
- SHA256: f9948f81eaf0e37ba783536e169286ea48bd432757642687f7038a78f6908670
- SHA512: 50c1ccfd60be19bb9ee60769ee16baea2a45ff9f7b333328121748bda91adf72370f3c5af3c8b4f3bee5ff3410a831d92ba8301aa989160bb261ed8757778993
Static task: static1
Behavioral task: behavioral1
- Sample: New Order.exe
- Resource: win10v20201028
Malware Config
Extracted family: agenttesla
- Protocol: smtp
- Host: smtp.airlndia.in
- Port: 587
- Username: ikorigin@airlndia.in
- Password: pkqNqbW9
The extracted config is the operator's SMTP submission login (port 587), i.e. the stealer's exfiltration channel. Note the host: "airlndia.in" is a lookalike of airindia.in (a lowercase L in place of the i), most likely registered by the operator rather than a compromised legitimate mail server, so the domain and the mailbox should be treated as attacker-controlled indicators to block and hunt for.
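The config above is flattened on the report page into a single "Key: value - Key: value" string. The following is an added example (not code from the report or from the sandbox vendor) that parses that flattened form, turns it into blockable indicators, and flags the lookalike domain with a small homoglyph check. The brand list, the confusable table and the "registrable domain = last two labels" shortcut are assumptions made for this example.

```python
import re
from typing import Dict, List, Optional, Tuple

# The extracted-config text exactly as the report page flattens it; the
# "- " fragments are the page's key/value separators, not part of the values.
EXTRACTED_CONFIG = (
    "Protocol: smtp- Host: smtp.airlndia.in - Port: 587 - "
    "Username: ikorigin@airlndia.in - Password: pkqNqbW9"
)

# File hashes taken from the report (archive and the extracted executable).
SAMPLE_SHA256 = {
    "New Order.gz": "f9948f81eaf0e37ba783536e169286ea48bd432757642687f7038a78f6908670",
    "New Order.exe": "2dc6c9e63ff741bc81261986114f92653d3a994d270021c67a6e1d94982b86ee",
}

CONFIG_KEYS = ("Protocol", "Host", "Port", "Username", "Password")

# Assumption for this example: brands to compare the exfil domain against.
BRANDS = ("airindia",)

# Assumption: a minimal ASCII homoglyph table (l/1 -> i is the one that
# matters here; "rn" -> "m" is the classic two-character confusable).
CONFUSABLES = {"rn": "m", "l": "i", "1": "i", "0": "o"}


def parse_flat_config(text: str) -> Dict[str, str]:
    """Parse 'Key: value - Key: value' text into a dict.

    Splitting on ' - ' alone is unreliable ("smtp- Host" has no space before
    the dash), so the split is anchored on the known key names and each
    value has its trailing separator stripped.
    """
    parts = re.split(r"\b(%s):\s*" % "|".join(CONFIG_KEYS), text)
    # parts = ['', 'Protocol', 'smtp- ', 'Host', ...]: pair keys with values.
    return {key: raw.strip().rstrip("-").strip()
            for key, raw in zip(parts[1::2], parts[2::2])}


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname; enough for the .in host here (a real
    tool would consult the Public Suffix List)."""
    return ".".join(host.lower().split(".")[-2:])


def normalize(label: str) -> str:
    """Fold confusable glyph sequences to their canonical letter."""
    for glyph, canonical in CONFUSABLES.items():
        label = label.replace(glyph, canonical)
    return label


def lookalike_of(domain: str, brands=BRANDS) -> Optional[str]:
    """Return the brand the domain's second-level label imitates, if any."""
    label = domain.split(".")[0]
    for brand in brands:
        if label != brand and normalize(label) == normalize(brand):
            return brand
    return None


def build_iocs(config: Dict[str, str]) -> List[Tuple[str, str]]:
    """Turn the parsed config (plus the sample hashes) into indicator tuples."""
    host = config["Host"]
    domain = registrable_domain(host)
    iocs = [
        ("smtp_endpoint", "%s:%s" % (host, config["Port"])),
        ("domain", domain),
        ("exfil_mailbox", config["Username"]),
    ]
    brand = lookalike_of(domain)
    if brand:
        iocs.append(("lookalike_of", brand))
    iocs.extend(("sha256", digest) for digest in SAMPLE_SHA256.values())
    return iocs


if __name__ == "__main__":
    for kind, value in build_iocs(parse_flat_config(EXTRACTED_CONFIG)):
        print("%-14s %s" % (kind, value))
```

The password is deliberately not emitted as an indicator: it is useful for a takedown request to the mail provider, but has no place in a blocklist.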
Targets
- Target: New Order.exe
- Size: 2.0MB
- MD5: ae9df31d5b6b69fc51fa69e44a0a545b
- SHA1: 0eccb9463fc3a0fe2205d207b05cfcc1714ff9f4
- SHA256: 2dc6c9e63ff741bc81261986114f92653d3a994d270021c67a6e1d94982b86ee
- SHA512: 8817c487ec74ac1fd9a3135dfd50c6bd0fca0609c308c046c8e86ca06fb442416e360c1ab292b9cf0dd13d7c6b0e741c5610a9252949cb4b3f93923ca4a083b5
Score: 10/10
AgentTesla
Agent Tesla is a .NET (C#/VB.NET) information stealer and remote access tool (RAT): it harvests saved credentials from browsers, mail and FTP clients, logs keystrokes and clipboard contents, and exfiltrates them over SMTP, FTP or HTTP. This sample is configured for SMTP (see the extracted config above).
Signatures:
- AgentTesla payload
- Drops startup file (a file is written to a startup location, the usual persistence step so the stealer runs again at logon)
- Suspicious use of SetThreadContext (rewriting the context of a thread in another process is the step of process hollowing that points a suspended child's thread at the injected payload before it is resumed)
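The "Suspicious use of SetThreadContext" signature fires on a single API call, so an analyst usually wants to confirm the surrounding hollowing chain (child created suspended, memory written into it, thread context rewritten, thread resumed). The following is an added example, not the sandbox's own detection logic, that runs that sequence check over API-trace lines. The trace format ("pid api(arg=val, ...)") and the trace itself are constructed for this example, as is the simplification that handle arguments have already been resolved to process and thread IDs.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Constructed API trace (not the sandbox's real log format). Process 100
# hollows its suspended child 200; process 300 calls SetThreadContext on its
# own thread (e.g. from an exception handler) and must not be flagged.
API_TRACE = """\
100 CreateProcessW(lpApplicationName=target.exe, dwCreationFlags=0x4, dwProcessId=200, dwThreadId=201)
100 NtUnmapViewOfSection(ProcessHandle=200, BaseAddress=0x400000)
100 VirtualAllocEx(hProcess=200, dwSize=0x2A000, flProtect=0x40)
100 WriteProcessMemory(hProcess=200, lpBaseAddress=0x400000, nSize=0x200)
100 SetThreadContext(hThread=201, Eip=0x401000)
100 ResumeThread(hThread=201)
300 GetThreadContext(hThread=301)
300 SetThreadContext(hThread=301, Eip=0x7ff00000)
"""

CREATE_SUSPENDED = 0x4
LINE_RE = re.compile(r"^(\d+) (\w+)\((.*)\)$")


@dataclass
class Child:
    """A child process created suspended, and which hollowing stages we saw."""
    pid: int
    tid: int
    stages: Set[str] = field(default_factory=set)


def parse_line(line: str) -> Tuple[int, str, Dict[str, str]]:
    """Split 'pid api(k=v, k=v)' into (pid, api, {k: v})."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("unparseable trace line: %r" % line)
    pid, api, argstr = m.groups()
    args = dict(kv.split("=", 1) for kv in argstr.split(", ") if kv)
    return int(pid), api, args


def as_int(value: str) -> int:
    """Accept decimal or 0x-prefixed hex as logged."""
    return int(value, 0)


def detect_hollowing(trace: str) -> List[dict]:
    """Return one hit per suspended child that was written to, had its
    thread context rewritten by the parent, and was then resumed."""
    children: Dict[int, Dict[int, Child]] = {}   # parent pid -> child pid -> Child
    thread_owner: Dict[int, Tuple[int, int]] = {}  # tid -> (parent pid, child pid)
    hits: List[dict] = []
    for line in trace.splitlines():
        if not line.strip():
            continue
        pid, api, a = parse_line(line)
        if api.startswith("CreateProcess") and as_int(a["dwCreationFlags"]) & CREATE_SUSPENDED:
            child = Child(as_int(a["dwProcessId"]), as_int(a["dwThreadId"]), {"suspended"})
            children.setdefault(pid, {})[child.pid] = child
            thread_owner[child.tid] = (pid, child.pid)
        elif api == "WriteProcessMemory":
            child = children.get(pid, {}).get(as_int(a["hProcess"]))
            if child:
                child.stages.add("write")
        elif api in ("SetThreadContext", "ResumeThread"):
            owner = thread_owner.get(as_int(a["hThread"]))
            if owner and owner[0] == pid:        # parent touching its own suspended child
                child = children[pid][owner[1]]
                child.stages.add("context" if api == "SetThreadContext" else "resume")
                if child.stages >= {"suspended", "write", "context", "resume"}:
                    hits.append({"parent": pid, "child": child.pid, "thread": child.tid})
    return hits


if __name__ == "__main__":
    for hit in detect_hollowing(API_TRACE):
        print("process hollowing: parent %(parent)d -> child %(child)d (thread %(thread)d)" % hit)
```

NtUnmapViewOfSection is parsed but not required for a hit: some loaders skip the unmap and simply allocate a fresh region, so the write/context/resume triple on a suspended child is the robust core of the pattern.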