General
Target: NEW ORDER.zip
Size: 474KB
Sample: 210727-4b91vl4cbx
MD5: 45915cadc98f8a44bccd5a1478d05d83
SHA1: 5de6e03647a1c0afc6eb06726a91d6969af24411
SHA256: 239ab5d4355bfbeb28962fa372ff4004d94f5aa7d5c423be9c84548c521908fa
SHA512: 1c901fac84baeeb20caa0fa64a0c938e540bc95ceebb91377c354e139f1bb4d8a96e28dbe60eee32d0dc6c05392ead0458f312c19c26f896283a87aaf07e346d
Static task: static1
Behavioral task: behavioral1
Sample: NEW ORDER.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: NEW ORDER.exe
Resource: win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.saisianket-tech.com
Port: 587
Username: akibapen@saisianket-tech.com
Password: oluwagozie123
Targets
Target: NEW ORDER.exe
Size: 630KB
MD5: 1559eb5515eb732de889dcdff24662c9
SHA1: 69abf00e7e4ab89a0592380413d3d12cfc714cb9
SHA256: 3984eb9bbb5210eaf04a4bcdfcc1512a58df9d264cf2e8a19377f59d4fd8e55b
SHA512: f948ed228ae434d55c9f16ff8ab172463fe621955bf58b79cb37dedde104c3c73757513d5243e06968fc4b655432fa399bcec3eafe75ef44a16fd7978814d350
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext