General
-
Target
d020d94a282a227a1d43ad0a314dad79e9ae0dad754a23e8dfdcd70f7badfc8f
-
Size
489KB
-
Sample
220520-3sgfjaccgk
-
MD5
1fcadfdae0a2e5cdfad61bdc3dc4adaf
-
SHA1
d6bccb8f95dc884047447cd0eaaf5d55e1f84c46
-
SHA256
d020d94a282a227a1d43ad0a314dad79e9ae0dad754a23e8dfdcd70f7badfc8f
-
SHA512
d932bc38638ca984f8a2536e5acac2229f9d501411c35be0851dac80ec4f3398b659d4201bf717522c400bb9445a3737245ad35b5901bb1dad6dc8ecff8b0a47
Static task
static1
Behavioral task
behavioral1
Sample
NEW ORDER.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
NEW ORDER.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.deepakengineers.co.in
Port: 587
Username: [email protected]
Password: rubina@@123*
Targets
-
Target
NEW ORDER.exe
-
Size
744KB
-
MD5
90e57ec2ce41a356068ce22d4849b5b0
-
SHA1
8b4ed2dc6506d578a037c2cb50a3562794f6fa19
-
SHA256
2ef6391d206ccd92009a213f15947d713e25340ec9ad6d402e5c47beb49558c3
-
SHA512
a5e72c2c88e65cb83140d80924ef59fefe199480232231b10f0f292d92a914b8fa2d2084b5dff09dc310415788488ece45bb045ba6c117bcf3d50d0f7d925a32
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext