General
-
Target
New Order-040201.exe
-
Size
1.1MB
-
Sample
210727-fe1eamxxhj
-
MD5
f0353c27594e08be39fbcf8c9e51eaf6
-
SHA1
ca1067bf97d677248def3252d027d87f545f1671
-
SHA256
6e6c927afc8340a1a15150f50bd68ff6ec6964928b5e68ffc631a4e245894c6a
-
SHA512
1526cc91823d20fd9591bb1b61f605bce13f21399c958b51b53132387b733bd691697b45eb3dc3b6dc7414318d9214a3c38da2e12c3d20ee6131130c7ffa4e97
Static task
static1
Behavioral task
behavioral1
Sample
New Order-040201.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
New Order-040201.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
[email protected] - Password:
Neways@123
Targets
-
-
Target
New Order-040201.exe
-
Size
1.1MB
-
MD5
f0353c27594e08be39fbcf8c9e51eaf6
-
SHA1
ca1067bf97d677248def3252d027d87f545f1671
-
SHA256
6e6c927afc8340a1a15150f50bd68ff6ec6964928b5e68ffc631a4e245894c6a
-
SHA512
1526cc91823d20fd9591bb1b61f605bce13f21399c958b51b53132387b733bd691697b45eb3dc3b6dc7414318d9214a3c38da2e12c3d20ee6131130c7ffa4e97
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-