General
- Target: f57556dd4dcec75f8de194a7d12cef919475f0427a71838142e7325594dd461d
- Size: 503KB
- Sample: 220520-3j847ahae2
- MD5: 332d35243253ce3e052dd928c3c54a8a
- SHA1: 21a918e89bc19077c34777d93789e1d669ecd0fd
- SHA256: f57556dd4dcec75f8de194a7d12cef919475f0427a71838142e7325594dd461d
- SHA512: ee6e051bef0c3c2f7a1d7515366f52a08f65437efa33cb1f5d341c874701b43b4e19e85636f48df0886538fd961df6655402ee5765770fca47037ecd3dfd0f15
Static task
- static1
Behavioral task
- behavioral1
- Sample: New Order.exe
- Resource: win7-20220414-en
Behavioral task
- behavioral2
- Sample: New Order.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: mail.leffamatrizes.com.br
- Port: 587
- Username: [email protected]
- Password: amx1020
Targets
- Target: New Order.exe
- Size: 758KB
- MD5: c8960c307ab38ddf3f7de4e61ce804d7
- SHA1: 0cbae88afb0016e9c2852f4e1979c7ee6e091f69
- SHA256: 54cd74d3361f9793b8be5da7a4ec079464bc851eded6000ae4a5c2ceeaef657d
- SHA512: 5f7d250d7b6f2726d231afb565c8d1dd7e3177cccb7e69a3f8183bd0fe441077e6624b5cc0262d07dd37d3e9241e42cb5615847ebb82f2111ed7a1fc703a17de
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext