General
Target: 12c211ee81ac97d7f7a3ade886523cd764e7d9c0fb41d731442569262cf6afbb
Size: 1.4MB
Sample: 220520-2nhblaafhr
MD5: 4bbfa1c7d721e6aa77217a295231e437
SHA1: ea77343b5334de2e5533c9f22323559b1bc61cac
SHA256: 12c211ee81ac97d7f7a3ade886523cd764e7d9c0fb41d731442569262cf6afbb
SHA512: 0b2403b951839d284aca06440b222b3258aa38bde1a3d300cd2f2b5b2328593a8bc3f442dad54e48619e672b5f9f1e3f44f21124bf40aa1e7a0860af613eccf9
Static task: static1
Behavioral task: behavioral1
Sample: NEW_ORDE.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: NEW_ORDE.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.hora-ro.com
Port: 587
Username: [email protected]
Password: tanga333
Targets
Target: NEW_ORDE.EXE
Size: 829KB
MD5: da0a06a956b9e1d15889bfd3b36dfd69
SHA1: db5fa021b78515dd7648ded39bed6167d82c9794
SHA256: 205a2f88f490388970c68b7512acfb90756655b4115e3bbe7b2b77efeab58bdf
SHA512: c0b77d23de99c0aed429db06dc3d7b439af7ee1d22520e20177feb7edca6e83eeedb969d841370a26d5609138b7ec6627157a54b38fb3f96fe353af0e62b572a
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext