General
- Target: ddf5e395143c2d42f408acc1a8a8a4f64aeacd39e051c0c368708a00ddd2a7fd
- Size: 389KB
- Sample: 220520-3pahtacbem
- MD5: 9fb1a254a74baaee3ae4494ae06426ef
- SHA1: 41c97509746d9e72ac46574eb8d05ecb8661321f
- SHA256: ddf5e395143c2d42f408acc1a8a8a4f64aeacd39e051c0c368708a00ddd2a7fd
- SHA512: 07f4317c81b7b91d3726f9ffdd212197a3441ab97e2748dd13ebef4bc3bf1dda598677654dc01d954d8478cb5edfa5ed63edc9c717e872fe0309e077d519be6a
Static task: static1
Behavioral task: behavioral1
- Sample: New Order.scr
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: New Order.scr
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.puadayspa.com
- Port: 587
- Username: [email protected]
- Password: father1234<>?
Extracted
- Protocol: smtp
- Host: mail.puadayspa.com
- Port: 587
- Username: [email protected]
- Password: father1234<>?
Targets
- Target: New Order.Scr
- Size: 456KB
- MD5: 53815c81256a5193a83600ddfc490298
- SHA1: 7d7ee525592e6ffeff5bd67cde2f9090d3ca940a
- SHA256: 2c65e0c23fc1e160821fc534bff9ea30e48c4a8af25cf2e3f5f03ec119627f7d
- SHA512: 6f57947a4ed7af4e577a3869ba2802c10d82d1bc0bb07b2b925f57d48db45c9fd11d971feb6fc4433d05c87596bc1d3e19ac4bea891a37e539651488abaf9bc1
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext