General
- Target: New Order.exe
- Size: 412KB
- Sample: 211018-tmyyysehap
- MD5: 5f546d983398118492848fbd6738e005
- SHA1: 77d3a30309ecd1095118d49cd343dd6d82be592b
- SHA256: 201e4f71a185f6b79203ad873cc5abbbeb85f1b11a23615403bcabcbb13932d1
- SHA512: de2a620945b8758fde36b91736cd05d1e301e0163040528532c49bc3a2f3bf0f3e5959a61b8b60fe5bacc72330218c6ea926f03427011e0dee1337de2ae2aae7
Static task: static1
Behavioral task: behavioral1
- Sample: New Order.exe
- Resource: win7-en-20210920
Behavioral task: behavioral2
- Sample: New Order.exe
- Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: [email protected]
- Password: e)cnIdR1
Targets
- Target: New Order.exe
- Size: 412KB
- MD5: 5f546d983398118492848fbd6738e005
- SHA1: 77d3a30309ecd1095118d49cd343dd6d82be592b
- SHA256: 201e4f71a185f6b79203ad873cc5abbbeb85f1b11a23615403bcabcbb13932d1
- SHA512: de2a620945b8758fde36b91736cd05d1e301e0163040528532c49bc3a2f3bf0f3e5959a61b8b60fe5bacc72330218c6ea926f03427011e0dee1337de2ae2aae7
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext