General
- Target: df8493376447c1a63980f123a63223c7ab873ff92a9fcefd8fe2cf9e60695af7
- Size: 353KB
- Sample: 220520-3fxa8abgcp
- MD5: 41e71f8736a2b88fa215486e2c59fc40
- SHA1: d89499df0290c265b4d0016cbb827d02b6427919
- SHA256: df8493376447c1a63980f123a63223c7ab873ff92a9fcefd8fe2cf9e60695af7
- SHA512: e2cf272e1c5fedff0dc1f0219869d7625da15f3471d9fd544a3f0410fa74be738bca1504b121f819633a8b16195661333656ac195f2aa7fab043200964ae32f1

Static task
- static1

Behavioral task
- behavioral1
- Sample: NEWORDER.exe
- Resource: win7-20220414-en

Behavioral task
- behavioral2
- Sample: NEWORDER.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: mail.privateemail.com
- Port: 587
- Username: [email protected]
- Password: !9aT1sz8?9SqN
Targets
- Target: NEWORDER.exe
- Size: 377KB
- MD5: 4dc4febea8bcf61b80a4068bcc7d7264
- SHA1: 26ff271fb9e9170836e21f85e2a64a1915374c69
- SHA256: bca2dfcc165159c1432087a9adf1921baf2f53dd52b69be50e5cf400f4c0cd8d
- SHA512: 76cc3363d01e070f13faa6398b5258b2f3a5111e1a70db41a9106f80aa20309484fbcf447d03bf8a5f83809eefaa1cb807831de09b55a70112a5ddc90e8ea150
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext