General
- Target: New Order4687334.exe
- Size: 792KB
- Sample: 211202-q892kahdan
- MD5: abc0d5990e243c73bcb0ef52f113c9c8
- SHA1: a62d9e6614ab925a6ec5ec1d8c8abeb44cf51ef0
- SHA256: b8baaf727f8da89fe81122fd5c93c3d34b7f3f78ae90403309d7d335e0bb3792
- SHA512: c33cdb17d07af0b51b4dfdf1a4626ec94ad87d24aef2e4ac8cc17eecdfdfe246224a28e448d321feb4ea70d83a349f822ed46abad7ec1913566b83a2c9bc4fa5
Static task
- static1

Behavioral task
- behavioral1
- Sample: New Order4687334.exe
- Resource: win7-en-20211014

Behavioral task
- behavioral2
- Sample: New Order4687334.exe
- Resource: win10-en-20211104
Malware Config
Extracted
- agenttesla
- https://api.telegram.org/bot5074572303:AAE8ZKRzrDBFdUptPX0s5TohA3XJtaS_H_8/sendDocument
Targets
- Target: New Order4687334.exe
- Size: 792KB
- MD5: abc0d5990e243c73bcb0ef52f113c9c8
- SHA1: a62d9e6614ab925a6ec5ec1d8c8abeb44cf51ef0
- SHA256: b8baaf727f8da89fe81122fd5c93c3d34b7f3f78ae90403309d7d335e0bb3792
- SHA512: c33cdb17d07af0b51b4dfdf1a4626ec94ad87d24aef2e4ac8cc17eecdfdfe246224a28e448d321feb4ea70d83a349f822ed46abad7ec1913566b83a2c9bc4fa5
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext